Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.2
CVE Id CVE-2002-0184
Last Modified 07 Mar 2011 09:07:53
Published 16 May 2002 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2002-0184

Summary

Heap-based buffer overflow in sudo before 1.6.6 may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded.

Vulnerable Systems

Application

  • Todd Miller Sudo 1.5.9

  • Todd Miller Sudo 1.6

  • Todd Miller Sudo 1.6.1

  • Todd Miller Sudo 1.6.2

  • Todd Miller Sudo 1.6.3

  • Todd Miller Sudo 1.6.3p1

  • Todd Miller Sudo 1.6.3p2

  • Todd Miller Sudo 1.6.3p3

  • Todd Miller Sudo 1.6.3p4

  • Todd Miller Sudo 1.6.3p5

  • Todd Miller Sudo 1.6.3p6

  • Todd Miller Sudo 1.6.3p7

  • Todd Miller Sudo 1.6.4

  • Todd Miller Sudo 1.6.4p1

  • Todd Miller Sudo 1.6.4p2

  • Todd Miller Sudo 1.6.5

  • Todd Miller Sudo 1.6.5p1

  • Todd Miller Sudo 1.6.5p2


References

CERT-VN - VU#820083

ENGARDE - ESA-20020429-010

BUGTRAQ - 20020425 [Global InterSec 2002041701] Sudo Password Prompt

BUGTRAQ - 20020429 TSLSA-2002-0046 - sudo

BID - 4593

REDHAT - RHSA-2002:072

REDHAT - RHSA-2002:071

SUSE - SuSE-SA:2002:014

MANDRAKE - MDKSA-2002:028

XF - sudo-password-expansion-overflow(8936)

DEBIAN - DSA-128

BUGTRAQ - 20020425 [slackware-security] sudo upgrade fixes a potential vulnerability

BUGTRAQ - 20020425 Sudo version 1.6.6 now available (fwd)

CONECTIVA - CLA-2002:475

TRUSTIX - TSLSA-2002-0046


Last Updated: 27 May 2016 10:53:49