(Fix Available for Mac OS X) Re: Sudo Administration Utility May Give Local Users Root-Level Access
SecurityTracker Alert ID: 1001466
SecurityTracker URL: http://securitytracker.com/id/1001466
CVE Reference: GENERIC-MAP-NOMATCH
Date: May 2 2001
Impact: Execution of arbitrary code via local system, Root access via local system
Fix Available: Yes
Version(s): prior to version 1.6.3p6
Description:
The Sudo super user administration utility contains a vulnerability that allows a local user to execute arbitrary shell code on the server, leading to root-level access.
Sudo is an application that is, by design, installed with set user ID (suid) privileges. It is intended to allow a local user to execute certain commands under the privileges of another user (such as root) while providing command logging. The logging code reportedly contains a buffer overflow.
A fix is available for Mac OS X. However, Apple's just-released Mac OS X 10.0.2 (May 1, 2001) does not contain the fixed version of sudo. See the Solution section for more information on how to apply the fix.
Impact:
A local user could execute arbitrary shell code on the server leading to root-level access.
Solution:
For information on how to apply the fix, please read: http://www.securemac.com/macosxsudo.cfm
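A version check against the threshold in the Version(s) field above, as an added example that is not part of the advisory or of sudo itself. The function names are hypothetical, and it assumes the `Sudo version X` first line that `sudo -V` prints.

```shell
#!/bin/sh
# Added example (not from the advisory): is a sudo version older than the
# fixed release named in the advisory's "Version(s)" field?
FIXED="1.6.3p6"   # threshold taken from this advisory

# Print "major minor patch patchlevel"; a missing part counts as 0.
sudo_ver_fields() {
    v=$1
    base=${v%%p*}
    case $v in *p*) pl=${v##*p} ;; *) pl=0 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $base
    IFS=$old_ifs
    echo "${1:-0} ${2:-0} ${3:-0} $pl"
}

# Exit status: 0 = older than FIXED, 1 = FIXED or newer, 2 = unrecognised.
sudo_is_vulnerable() {
    printf '%s\n' "$1" |
        grep -Eq '^[0-9]+(\.[0-9]+){1,2}(p[0-9]+)?$' || return 2
    set -- $(sudo_ver_fields "$1") $(sudo_ver_fields "$FIXED")
    for pair in "$1:$5" "$2:$6" "$3:$7" "$4:$8"; do
        a=${pair%%:*}; b=${pair##*:}
        [ "$a" -lt "$b" ] && return 0
        [ "$a" -gt "$b" ] && return 1
    done
    return 1   # identical to the fixed release
}

# Version of the sudo binary on PATH, from the first line of `sudo -V`.
installed_sudo_version() {
    sudo -V 2>/dev/null | sed -n '1s/^Sudo version //p'
}

# Constructed sample versions, so the check can be seen without sudo installed.
for sample in 1.6.2p2 1.6.3 1.6.3p5 1.6.3p6 1.6.3p7 1.8.0b1; do
    sudo_is_vulnerable "$sample" && rc=0 || rc=$?
    case $rc in
        0) echo "$sample: older than $FIXED, affected per this advisory" ;;
        1) echo "$sample: $FIXED or newer" ;;
        *) echo "$sample: version format not recognised, check manually" ;;
    esac
done
```

On a live host, pass the output of `installed_sudo_version` to `sudo_is_vulnerable`; a status of 2 (for example a beta build string) means the version needs a manual look rather than being treated as safe.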
Vendor URL: www.courtesan.com/sudo/
Cause: Boundary error
Underlying OS: MacOS
Message History:
This archive entry is a follow-up to the message listed below.
Source Message Contents
Date: 2 May 2001 06:17:57 -0000
Subject: Sudo in Mac OS X contains buffer overflow
securemac - http://www.securemac.com/
Sudo in Mac OS X contains buffer overflow
http://www.securemac.com/macosxsudo.cfm
The sudo package that works with most all unix based operating systems has
been found to contain a buffer overflow in versions prior to 1.6.3.7.
Mac OS X still contains a vulnerable version of sudo. There has been a fix
available and is now out for Mac OS X. Although Apple just released Mac OS
X 10.0.2 (May 1st 2001) it does not contain the fixed version of sudo. To
read up more about this - the vulnerability and the fix - visit the page
above.
This is one of the first noted software packages for the Unix operating
system that is also vulnerable on Mac OS X. We are sure to find more,
and security for Mac OS X will be more of an issue.
SM