1 |
- ----------------------------------------------------------------------- |
2 |
GLSA: GENTOO LINUX SECURITY ANNOUNCEMENT |
3 |
- ----------------------------------------------------------------------- |
4 |
PACKAGE : sudo |
5 |
SUMMARY : security vulnerability in sudo |
6 |
DATE : Apr 26 02:47:22 UTC 2002 |
7 |
- ----------------------------------------------------------------------- |
8 |
|
9 |
OVERVIEW |
10 |
|
11 |
A security vulnerability has been found that might allow a local attacker |
12 |
to gain elevated priveleges. This affects Gentoo's and sudo-1.6.5_p2 |
13 |
prior packages. |
14 |
|
15 |
|
16 |
DETAIL |
17 |
|
18 |
Fix for a security vulnerability that could allow local attackers to gain |
19 |
elevated privileges though a buffer overflow exploit, related to the |
20 |
expansion of %h and %u in the prompt. Full details available at |
21 |
http://www.sudo.ws/pipermail/sudo-announce/2002-April/000020.html |
22 |
|
23 |
|
24 |
SOLUTION |
25 |
|
26 |
It is recommended that all Gentoo Linux users who are running sudo update |
27 |
their systems as follows. |
28 |
|
29 |
emerge --clean rsync |
30 |
emerge sudo |
31 |
emerge clean |
32 |
|
33 |
- ------------------------------------------------------------------------ |
34 |
bangert@g.o |
35 |
seemant@g.o |
36 |
drobbins@g.o |
37 |
- ------------------------------------------------------------------------ |