Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded.
References
Configurations
History
02 Feb 2024, 03:05
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 7.8 |
CWE | CWE-131 | |
References | (ENGARDE) http://www.linuxsecurity.com/advisories/other_advisory-2040.html - Broken Link, Patch, Vendor Advisory | |
References | (BID) http://www.securityfocus.com/bid/4593 - Broken Link, Third Party Advisory, VDB Entry | |
References | (CONECTIVA) http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000475 - Broken Link, Third Party Advisory | |
References | (BUGTRAQ) http://marc.info/?l=bugtraq&m=101979472822196&w=2 - Mailing List, Patch | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2002-071.html - Broken Link, Third Party Advisory | |
References | (BUGTRAQ) http://marc.info/?l=bugtraq&m=101975443619600&w=2 - Mailing List, Patch | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2002-072.html - Broken Link, Third Party Advisory | |
References | (DEBIAN) http://www.debian.org/security/2002/dsa-128 - Broken Link, Third Party Advisory |
Information
Published : 2002-05-16 04:00
Updated : 2024-02-28 10:24
NVD link : CVE-2002-0184
Mitre link : CVE-2002-0184
CVE.ORG link : CVE-2002-0184
JSON object : View
Products Affected
sudo_project
- sudo
debian
- debian_linux
CWE
CWE-131
Incorrect Calculation of Buffer Size