Debian DSA-128-1 : sudo - buffer overflow

fc found a buffer overflow in the variable expansion code used by sudo for its prompt. Since sudo is necessarily installed suid root a local user can use this to gain root access. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

Mandrake Linux Security Advisory : sudo (MDKSA-2002:028)

A problem was discovered by fc, with further research by Global InterSec, in the sudo program with the password prompt parameter -p. Sudo can be tricked into allocating less memory than it should for the prompt and in certain conditions it is possible to exploit this flaw to corrupt the heap in...

CVE-2002-0184

Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p prompt argument, which are not properly expanded...

CVE-2002-0184

The CVE-2002-0184 entry describes a local privilege-escalation in sudo prior to version 1.6.6 due to an off-by-one/doorknob in the heap-based overflow during prompt ( -p ) handling. The flaw is triggered by special characters in the -p prompt, which are not properly expanded, allowing a local use...