Sudo Password Prompt Vulnerability
Sudo - A popular utility for allowing users to execute commands as other users contains a vulnerability which may be exploited to execute arbitrary commands.
More information about this vulnerability can be read from Global InterSec LLC security advisory located at:
New version of Sudo was released, which can be seen from the following post to sudo-announce mailing list.
---------- Forwarded message ----------
Date: Thu, 25 Apr 2002 10:34:13 -0600
From: Todd C. Miller
Subject: Sudo version 1.6.6 now available
Sudo version 1.6.6 is now available (ftp sites listed at the end).
Changes since Sudo 1.6.5p2:
o Fixed compilation problem on HP-UX 9.x.
o Moved call to endpwent() and added a call to endgrent().
o Fixed a warning conflicting declaration of VOID with AFS.
o Fixed a security hole in prompt rewriting found by Global InterSec.
Please note that Sudo 1.6.6 fixes a security hole present in sudo
versions 1.5.7 - 1.6.5p2. Please see:
sudo 1.6.6 distribution:
Master WWW site:
[ Read more ]