Vulnerability Development mailing list archives
Re: SuDo Program
From: Jose Nazario <jose () BIOCSERVER BIOC CWRU EDU>
Date: Fri, 9 Mar 2001 01:39:32 -0500
On Thu, 8 Mar 2001, Barry Russell wrote:
Debian not that long ago released on the sudo program saying that it contained a buffer overflow that could possibly lead to root privileges. Does anyone know where this buffer overflow lied at in the program? Just wondering, thanks
todd miller from the openbsd project is the one who announced the problem and released the fix. to my reccolection it was not exploitable due to where the data wound up on the stack (or not, i don't recall). http://www.openbsd.org/errata.html#sudo ____________________________ jose nazario jose () cwru edu PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80 PGP key ID 0xFD37F4E5 (pgp.mit.edu)
Current thread:
- SuDo Program Barry Russell (Mar 08)
- Re: SuDo Program Jose Nazario (Mar 08)
- Re: SuDo Program Thai-Hai DINH (Mar 09)