SecurityTracker.com
Category:   Application (Generic)  >   Sudo
Vendors:   Miller, Todd C.
(Apple Releases Mac OS X Fix) Re: Sudo Administration Utility May Give Local Users Root-Level Access
SecurityTracker Alert ID:  1001850
SecurityTracker URL:  http://securitytracker.com/id/1001850
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jun 27 2001
Impact:   Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to version 1.6.3p6
Description:   The Sudo super user administration utility contains a vulnerability that allows a local user to execute arbitrary shell code on the server, leading to root-level access.

Sudo is an application that is, by design, installed with set-user-ID (suid) privileges. It is intended to allow a local user to execute certain commands under the privileges of another user (such as root) while providing command logging.

The logging code reportedly contains a buffer overflow.

Impact:   A local user could execute arbitrary shell code on the server, leading to root-level access.
Solution:   Apple has released a fix in Mac OS X 10.0.4. Visit http://asu.info.apple.com/ to obtain the update.
Vendor URL:  www.courtesan.com/sudo/
Cause:   Boundary error
Underlying OS:  Apple (Legacy "classic" Mac)

Message History:   This archive entry is a follow-up to the message listed below.
Apr 19 2001 Sudo Administration Utility May Give Local Users Root-Level Access



 Source Message Contents

Subject:  Apple releases sudo fix


* sudo -- Fixes the buffer overflow vulnerability described in
FreeBSD-SA-01:38 

Released in Mac OS X 10.0.4


 
 

