Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded.
References
Configurations
History
02 Feb 2024, 03:05
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-131 | |
CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 7.8 |
References | () http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000475 - Broken Link, Third Party Advisory | |
References | () http://marc.info/?l=bugtraq&m=101974610509912&w=2 - Mailing List | |
References | () http://marc.info/?l=bugtraq&m=101975443619600&w=2 - Mailing List, Patch | |
References | () http://marc.info/?l=bugtraq&m=101979472822196&w=2 - Mailing List, Patch | |
References | () http://marc.info/?l=bugtraq&m=102010164413135&w=2 - Mailing List | |
References | () http://www.debian.org/security/2002/dsa-128 - Broken Link, Third Party Advisory | |
References | () http://www.linuxsecurity.com/advisories/other_advisory-2040.html - Broken Link, Patch, Vendor Advisory | |
References | () http://www.redhat.com/support/errata/RHSA-2002-071.html - Broken Link, Third Party Advisory | |
References | () http://www.redhat.com/support/errata/RHSA-2002-072.html - Broken Link, Third Party Advisory | |
References | () http://www.securityfocus.com/bid/4593 - Broken Link, Third Party Advisory, VDB Entry |
01 Apr 2021, 12:58
Type | Values Removed | Values Added |
---|---|---|
References | (CERT-VN) http://www.kb.cert.org/vuls/id/820083 - Third Party Advisory, US Government Resource | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2002-072.html - Third Party Advisory | |
References | (BUGTRAQ) http://marc.info/?l=bugtraq&m=102010164413135&w=2 - Mailing List, Third Party Advisory | |
References | (XF) http://www.iss.net/security_center/static/8936.php - Broken Link | |
References | (BID) http://www.securityfocus.com/bid/4593 - Third Party Advisory, VDB Entry | |
References | (MANDRAKE) http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-028.php3 - Broken Link | |
References | (BUGTRAQ) http://marc.info/?l=bugtraq&m=101979472822196&w=2 - Mailing List, Third Party Advisory | |
References | (CONECTIVA) http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000475 - Third Party Advisory | |
References | (DEBIAN) http://www.debian.org/security/2002/dsa-128 - Third Party Advisory | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2002-071.html - Third Party Advisory | |
References | (BUGTRAQ) http://marc.info/?l=bugtraq&m=101974610509912&w=2 - Mailing List, Third Party Advisory | |
References | (SUSE) http://www.novell.com/linux/security/advisories/2002_014_sudo_txt.html - Broken Link | |
References | (BUGTRAQ) http://marc.info/?l=bugtraq&m=101975443619600&w=2 - Mailing List, Third Party Advisory | |
CWE | CWE-787 | |
CPE | cpe:2.3:a:todd_miller:sudo:1.6.3p4:*:*:*:*:*:*:* cpe:2.3:a:todd_miller:sudo:1.6.4:*:*:*:*:*:*:* cpe:2.3:a:todd_miller:sudo:1.6.3p7:*:*:*:*:*:*:* cpe:2.3:a:todd_miller:sudo:1.6.3p1:*:*:*:*:*:*:* cpe:2.3:a:todd_miller:sudo:1.6.3p5:*:*:*:*:*:*:* cpe:2.3:a:todd_miller:sudo:1.6.4p2:*:*:*:*:*:*:* cpe:2.3:a:todd_miller:sudo:1.6.3p2:*:*:*:*:*:*:* cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:* cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:* cpe:2.3:a:todd_miller:sudo:1.6.4p1:*:*:*:*:*:*:* cpe:2.3:a:todd_miller:sudo:1.6.3p6:*:*:*:*:*:*:* cpe:2.3:a:todd_miller:sudo:1.5.9:*:*:*:*:*:*:* cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:* cpe:2.3:a:todd_miller:sudo:1.6.3p3:*:*:*:*:*:*:* cpe:2.3:a:todd_miller:sudo:1.6.5p2:*:*:*:*:*:*:* cpe:2.3:a:todd_miller:sudo:1.6.5p1:*:*:*:*:*:*:* cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:* |
cpe:2.3:o:debian:debian_linux:2.2:*:*:*:*:*:*:* cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:* |
16 Mar 2021, 14:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded. |
Information
Published : 2002-05-16 04:00
Updated : 2024-02-02 03:05
NVD link : CVE-2002-0184
Mitre link : CVE-2002-0184
CVE.ORG link : CVE-2002-0184
JSON object : View
Products Affected
debian
- debian_linux
sudo_project
- sudo
CWE
CWE-131
Incorrect Calculation of Buffer Size