Mandrake Linux Security Advisory : sudo (MDKSA-2002:028)

High Nessus Plugin ID 13935


The remote Mandrake Linux host is missing a security update.


A problem was discovered by fc, with further research by Global InterSec, in the way the sudo program handles the password prompt parameter (-p).
Sudo can be tricked into allocating less memory than it should for the prompt, and under certain conditions this flaw can be exploited to corrupt the heap in a way that could be used to execute arbitrary commands. Because sudo is generally suid root, this can lead to an elevation of privilege for local users.


Update the affected sudo package.

Plugin Details

Severity: High

ID: 13935

File Name: mandrake_MDKSA-2002-028.nasl

Version: $Revision: 1.14 $

Type: local

Published: 2004/07/31

Modified: 2013/08/09

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:sudo, cpe:/o:mandrakesoft:mandrake_linux:7.1, cpe:/o:mandrakesoft:mandrake_linux:7.2, cpe:/o:mandrakesoft:mandrake_linux:8.0, cpe:/o:mandrakesoft:mandrake_linux:8.1, cpe:/o:mandrakesoft:mandrake_linux:8.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2002/04/25

Reference Information

CVE: CVE-2002-0184

MDKSA: 2002:028