search menu icon-carat-right cmu-wordmark

CERT Coordination Center

sudo vulnerable to heap corruption via -p parameter

Vulnerability Note VU#820083

Original Release Date: 2002-04-26 | Last Revised: 2002-04-26

Overview

Sudo is susceptible to a locally exploitable heap overflow vulnerability.

Description

Sudo is a common utility used to allow a system administrator to give users or groups of users rights to run certain programs as root or as another user. A locally exploitable heap overflow can lead to the execution of arbitrary code by a local attacker.

Impact

A local attacker can execute arbitrary code as root.

Solution

Apply a patch from your vendor.

Vendor Information

820083
 

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This document was written by Ian A. Finlay.

Other Information

CVE IDs: CVE-2002-0184
Severity Metric: 15.75
Date Public: 2002-04-25
Date First Published: 2002-04-26
Date Last Updated: 2002-04-26 17:27 UTC
Document Revision: 13

Sponsored by CISA.