Sudo Password Prompt Vulnerability

Friday, 26 April 2002, 1:40 PM EST

Sudo, a popular utility that allows users to execute commands as other users, contains a vulnerability which may be exploited to execute arbitrary commands.

More information about this vulnerability is available in the Global InterSec LLC security advisory located at:

http://www.net-security.org/vuln.php?id=1633


A new version of Sudo has been released, as announced in the following post to the sudo-announce mailing list.



---------- Forwarded message ----------
Date: Thu, 25 Apr 2002 10:34:13 -0600
From: Todd C. Miller
To: sudo-announce@courtesan.com
Subject: Sudo version 1.6.6 now available


Sudo version 1.6.6 is now available (ftp sites listed at the end).


Changes since Sudo 1.6.5p2:


o Fixed compilation problem on HP-UX 9.x.


o Moved call to endpwent() and added a call to endgrent().


o Fixed a warning conflicting declaration of VOID with AFS.


o Fixed a security hole in prompt rewriting found by Global InterSec.


Please note that Sudo 1.6.6 fixes a security hole present in sudo
versions 1.5.7 - 1.6.5p2. Please see:
http://www.sudo.ws/pipermail/sudo-announce/2002-April/000020.html
http://www.globalintersec.com/adv/sudo-2002041701.txt
for details.


sudo 1.6.6 distribution:
ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.6.tar.gz


Master WWW site:
http://www.sudo.ws/sudo/dist/

<...>
