Vulnerability Development mailing list archives

Re: SuDo Program


From: Jose Nazario <jose () BIOCSERVER BIOC CWRU EDU>
Date: Fri, 9 Mar 2001 01:39:32 -0500

On Thu, 8 Mar 2001, Barry Russell wrote:

> Debian not that long ago released on the sudo program saying that it
> contained a buffer overflow that could possibly lead to root
> privileges. Does anyone know where this buffer overflow lay at in the
> program? Just wondering, thanks

todd miller from the openbsd project is the one who announced the problem
and released the fix. to my recollection it was not exploitable due to
where the data wound up on the stack (or not, i don't recall).

http://www.openbsd.org/errata.html#sudo

____________________________
jose nazario                                                 jose () cwru edu
                     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)

