Sudo Password Prompt Vulnerability

Friday, 26 April 2002, 1:40 PM EST

Sudo - A popular utility for allowing users to execute commands as other users contains a vulnerability which may be exploited to execute arbitrary commands.

More information about this vulnerability can be read from Global InterSec LLC security advisory located at:

http://www.net-security.org/vuln.php?id=1633


New version of Sudo was released, which can be seen from the following post to sudo-announce mailing list.



---------- Forwarded message ----------
Date: Thu, 25 Apr 2002 10:34:13 -0600
From: Todd C. Miller
To: sudo-announce@courtesan.com
Subject: Sudo version 1.6.6 now available


Sudo version 1.6.6 is now available (ftp sites listed at the end).


Changes since Sudo 1.6.5p2:


o Fixed compilation problem on HP-UX 9.x.


o Moved call to endpwent() and added a call to endgrent().


o Fixed a warning conflicting declaration of VOID with AFS.


o Fixed a security hole in prompt rewriting found by Global InterSec.


Please note that Sudo 1.6.6 fixes a security hole present in sudo
versions 1.5.7 - 1.6.5p2. Please see:
http://www.sudo.ws/pipermail/sudo-announce/2002-April/000020.html
http://www.globalintersec.com/adv/sudo-2002041701.txt
for details.


sudo 1.6.6 distribution:
ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.6.tar.gz


Master WWW site:
http://www.sudo.ws/sudo/dist/

<...>

[ Read more ]




Spotlight

Attackers use reflection techniques for larger DDoS attacks

Posted on 17 April 2014.  |  Instead of using a network of zombie computers, newer DDoS toolkits abuse Internet protocols that are available on open or vulnerable servers and devices. This approach can lead to the Internet becoming a ready-to-use botnet for malicious actors.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Apr 18th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //