OpenBSD Journal

a sudo hole, patch available

Contributed by Dengue on from the sudo dept.

jose nazario writes:
"a vulnerability has been found in the 'sudo' command. a properly formed shell prompt can be used to execute commands outside the scope of your authorization via a heap corruption. the vulnerability was found by Global InterSec. version 1.6.6 fixes these problems (and others, as well). announcement on bugtraq: and openbsd patch: "

(Comments are closed)

  1. By panda () on

    Not the first problem in sudo, but
    it is too good a command anyway, patches are
    small and easily applied anyway.

    The lack of comments compared to other posts
    indicates that not many people care about sudo.
    It's a shame because it is very useful, saves
    a lot of unnecessary typing, and combined with
    ssh gives the administrator a lot of control over
    the delegation of his/her powers (much better
    than the group scheme like that found in
    recent linux systems)

    have fun


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]