Detections
Analytics
Mandrake Linux Security Advisory : sudo (MDKSA-2002:028)
high Nessus Plugin ID 13935
Synopsis
The remote Mandrake Linux host is missing a security update.Description
A problem was discovered by fc, with further research by Global InterSec, in the sudo program with the password prompt parameter (-p).Sudo can be tricked into allocating less memory than it should for the prompt and in certain conditions it is possible to exploit this flaw to corrupt the heap in such a way that could be used to execute arbitary commands. Because sudo is generally suid root, this can lead to an elevation of privilege for local users.
Solution
Update the affected sudo package.See Also
http://attrition.org/security/advisory/misc/gis-20020401701.sudo
Plugin Details
Severity: High
ID: 13935
File Name: mandrake_MDKSA-2002-028.nasl
Version: 1.17
Type: local
Family: Mandriva Local Security Checks
Published: 7/31/2004
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.2
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:sudo, cpe:/o:mandrakesoft:mandrake_linux:7.1, cpe:/o:mandrakesoft:mandrake_linux:7.2, cpe:/o:mandrakesoft:mandrake_linux:8.0, cpe:/o:mandrakesoft:mandrake_linux:8.1, cpe:/o:mandrakesoft:mandrake_linux:8.2
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 4/25/2002
Reference Information
CVE: CVE-2002-0184
MDKSA: 2002:028