SecurityTracker.com

Category:   Application (Generic)  >   Sudo
Vendors:   Miller, Todd C.
(Fix Available for Mac OS X) Re: Sudo Administration Utility May Give Local Users Root-Level Access
SecurityTracker Alert ID:  1001466
SecurityTracker URL:  http://securitytracker.com/id/1001466
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  May 2 2001
Impact:   Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes  
Version(s): prior to version 1.6.3p6
Description:   The Sudo super user administration utility contains a vulnerability that allows a local user to execute arbitrary shell code on the server leading to root-level access.

Sudo is an application that is, by design, installed with set user ID (suid) privileges. It is intended to allow a local user to execute certain commands under the privileges of another user (such as root) while providing command logging. The logging code reportedly contains a buffer overflow.

A fix is available for Mac OS X. However, Apple's just-released Mac OS X 10.0.2 (May 1, 2001) does not contain the fixed version of sudo. See the Solution section for more information on how to apply the fix.

Impact:   A local user could execute arbitrary shell code on the server leading to root-level access.
Solution:   For information on how to apply the fix, please read: http://www.securemac.com/macosxsudo.cfm
Vendor URL:  www.courtesan.com/sudo/
Cause:   Boundary error
Underlying OS:  Apple (Legacy "classic" Mac)

Message History:   This archive entry is a follow-up to the message listed below.
Apr 19 2001 Sudo Administration Utility May Give Local Users Root-Level Access



 Source Message Contents

Subject:  Sudo in Mac OS X contains buffer overflow


securemac - http://www.securemac.com/

Sudo in Mac OS X contains buffer overflow
http://www.securemac.com/macosxsudo.cfm

The sudo package, which works with almost all Unix-based operating systems,
has been found to contain a buffer overflow in versions prior to 1.6.3.7.

Mac OS X still contains a vulnerable version of sudo. A fix has been
available and is now out for Mac OS X. Although Apple just released Mac OS
X 10.0.2 (May 1st 2001), it does not contain the fixed version of sudo. To
read more about the vulnerability and the fix, visit the page above.

This is one of the first noted software packages for the Unix operating
system that is also vulnerable on Mac OS X. We are sure to find more,
and security for Mac OS X will be more of an issue.

SM

