CVE-2002-0184

Published: 16/05/2002 Updated: 18/10/2016
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 725
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Heap-based buffer overflow in sudo prior to 1.6.6 may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded.

Vulnerable Product

todd miller sudo 1.5.9

todd miller sudo 1.6

todd miller sudo 1.6.1

todd miller sudo 1.6.2

todd miller sudo 1.6.3

todd miller sudo 1.6.3p1

todd miller sudo 1.6.3p2

todd miller sudo 1.6.3p3

todd miller sudo 1.6.3p4

todd miller sudo 1.6.3p5

todd miller sudo 1.6.3p6

todd miller sudo 1.6.3p7

todd miller sudo 1.6.4

todd miller sudo 1.6.4p1

todd miller sudo 1.6.4p2

todd miller sudo 1.6.5

todd miller sudo 1.6.5p1

todd miller sudo 1.6.5p2

Vendor Advisories

fc found a buffer overflow in the variable expansion code used by sudo for its prompt. Since sudo is necessarily installed suid root, a local user can use this to gain root access. This has been fixed in version 1.6.2-2.2 for the stable distribution of Debian and version 1.6.6-1 for the testing/unstable distribution. We recommend that you upgrade yo ...

Exploits

source: www.securityfocus.com/bid/4593/info

Sudo is a widely used Linux/Unix utility allowing users to securely run commands as other users. Sudo is vulnerable to a heap overflow condition related to its customizable password prompt feature. The nature of the sudo utility requires that it be installed setuid root. Successful exploitation may ...