Mandrake Linux Security Advisory : sudo (MDKSA-2002:028)
High Nessus Plugin ID 13935
Synopsis: The remote Mandrake Linux host is missing a security update.
Description: A problem in the sudo program's handling of the password prompt parameter (-p) was discovered by fc, with further research by Global InterSec.
Sudo can be tricked into allocating less memory than it should for the prompt, and under certain conditions this flaw can be exploited to corrupt the heap in a way that could be used to execute arbitrary commands. Because sudo is generally suid root, this can lead to an elevation of privilege for local users.
Solution: Update the affected sudo package.