Vulnerability Note VU#820083
sudo vulnerable to heap corruption via -p parameter
Sudo is susceptible to a locally exploitable heap overflow vulnerability.
Sudo is a common utility used to allow a system administrator to give users or groups of users rights to run certain programs as root or as another user. A locally exploitable heap overflow can lead to the execution of arbitrary code by a local attacker.
A local attacker can execute arbitrary code as root.
Apply a patch from your vendor.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Courtesan||Affected||-||26 Apr 2002|
|Debian||Affected||-||26 Apr 2002|
|MandrakeSoft||Affected||-||26 Apr 2002|
|Red Hat||Affected||-||26 Apr 2002|
|Slackware||Affected||-||26 Apr 2002|
CVSS Metrics (Learn More)
This document was written by Ian A. Finlay.
- CVE IDs: CAN-2002-0184
- Date Public: 25 Apr 2002
- Date First Published: 26 Apr 2002
- Date Last Updated: 26 Apr 2002
- Severity Metric: 15.75
- Document Revision: 11
If you have feedback, comments, or additional information about this vulnerability, please send us email.