Mandrake Linux Security Advisory : sudo (MDKSA-2002:028)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing a security update.

Description :

A problem was discovered by fc, with further research by Global
InterSec, in how the sudo program handles the password prompt
parameter (-p). Sudo can be tricked into allocating less memory than
it should for the prompt, and under certain conditions this flaw can
be exploited to corrupt the heap in a way that could be used to
execute arbitrary commands. Because sudo is generally suid root, this
can lead to an elevation of privilege for local users.

See also :

http://attrition.org/security/advisory/misc/gis-20020401701.sudo

Solution :

Update the affected sudo package.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 13935 (mandrake_MDKSA-2002-028.nasl)

Bugtraq ID:

CVE ID: CVE-2002-0184
