Contributed by Dengue on from the sudo dept.
"a vulnerability has been found in the 'sudo' command. a properly formed shell prompt can be used to execute commands outside the scope of your authorization via a heap corruption. the vulnerabiluty was found by Global InterSec. version 1.6.6 fixes these problems (and others, as well). announcement on bugtraq: http://archives.neohapsis.com/archives/bugtraq/2002-04/0350.html and openbsd patch: http://www.openbsd.org/errata.html#sudo "
(Comments are closed)
By panda () panda@NOSPAMepita.fr on mailto:panda@NOSPAMepita.fr
it is too good a command anyway, patches are
small and easily applied anyway.
The lack of comments comparing to other posts
indicates that not many people care about sudo.
It's a shame because it is very useful, saves
a lot of unnecessary typing, and combined with
ssh gives the administrator a lot of control over
the delegation of his/her powers (much better
than the group scheme like that found in
recent linux systems)
have fun