Gentoo Archives: gentoo-announce

From: Seemant Kulleen <seemant@g.o>
To: gentoo-security@g.o, gentoo-announce@g.o, lwn@×××.net
Subject: [gentoo-announce] Buffer overflow in sudo
Date: Thu, 25 Apr 2002 21:51:18
Message-Id: 20020425195116.74e40675.seemant@gentoo.org

-----------------------------------------------------------------------
GLSA: GENTOO LINUX SECURITY ANNOUNCEMENT
-----------------------------------------------------------------------
PACKAGE : sudo
SUMMARY : security vulnerability in sudo
DATE : Apr 26 02:47:22 UTC 2002
-----------------------------------------------------------------------

OVERVIEW

A security vulnerability has been found that might allow a local attacker
to gain elevated privileges. This affects Gentoo's sudo-1.6.5_p2 and
prior packages.


DETAIL

Fix for a security vulnerability that could allow local attackers to gain
elevated privileges through a buffer overflow exploit, related to the
expansion of %h and %u in the prompt. Full details available at
http://www.sudo.ws/pipermail/sudo-announce/2002-April/000020.html


SOLUTION

It is recommended that all Gentoo Linux users who are running sudo update
their systems as follows.

emerge --clean rsync
emerge sudo
emerge clean

------------------------------------------------------------------------
bangert@g.o
seemant@g.o
drobbins@g.o
------------------------------------------------------------------------