SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Sudo Vendors:   Miller, Todd C.
(Apple Issues Fix) Re: Sudo Utility Has Heap Overflow That May Let Local Users Execute Arbitrary Code with Root Privileges
SecurityTracker Alert ID:  1004471
SecurityTracker URL:  http://securitytracker.com/id/1004471
CVE Reference:   CVE-2002-0184   (Links to External Site)
Updated:  Nov 20 2003
Original Entry Date:  Jun 5 2002
Impact:   Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.6.5p2 and prior
Description:   A vulnerability has been reported in the sudo utility. A local user may be able to obtain root privileges.

Global InterSec reported an off-by-five heap overflow in 'sudo'. A local user can apparently call sudo with a specially formatted argument for the -p command line option to trigger the overflow. It is reported that sudo may not correctly allocate memory when parsing the '%h' (hostname) or '%u' (username) strings in the argument in some situations. A local user could potentially trigger the overflow and execute arbitrary code with root privileges.

The exact nature of the conditions required to exploit this flaw were not provided. However, it is reported that the compile-time options and the length of the hostname may affect whether the application is vulnerable or not.

Impact:   A local user may be able to execute arbitrary code with root privileges in certain situations.
Solution:   The vendor has released Mac OS X Update 10.1.5. It is available at:

- The Software Update pane in System Preferences
- Apple's Software Downloads web page: http://www.info.apple.com/support/downloads.html

Further details are available via the Apple Product Security web site:

http://www.apple.com/support/security/security_updates.html

Vendor URL:  www.courtesan.com/sudo/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  UNIX (macOS/OS X)
Underlying OS Comments:  Prior to 10.1.5

Message History:   This archive entry is a follow-up to the message listed below.
Apr 25 2002 Sudo Utility Has Heap Overflow That May Let Local Users Execute Arbitrary Code with Root Privileges



 Source Message Contents

Subject:  Security enhancements in Mac OS X 10.1.5


-----BEGIN PGP SIGNED MESSAGE-----

Mac OS X Update 10.1.5 is now available and includes the following
security enhancements for your system:

* sudo - Fixes CAN-2002-0184, where a heap overflow in sudo may
allow local users to gain root privileges via special characters in
the -p (prompt) argument.

* sendmail - Fixes CVE-2001-0653, where an input validation error
exists in Sendmail's debugging functionality which could lead to a
system compromise.

Mac OS X Update 10.1.5 may be obtained  via: the Software Update pane
in System Preferences and will also be posted to Apple's Software
Downloads web page: http://www.info.apple.com/support/downloads.html

Further details are available via the Apple Product Security web site:
http://www.apple.com/support/security/security_updates.html

This message is signed with Apple's Product Security PGP key, and
details are available at:
http://www.apple.com/support/security/security_pgp.html

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.3

iQEVAwUBPP5XICFlYNdE6F9oAQFBWAf/bkmo5lbMoHKfUyBMx4xS6WJ2Okq8FqBX
hqCnXrhbfAGbAjtGF7QqgcrJa9cjliJonFwxi6bSKgKdUEWlP8sXeBbUb+uMLe7b
JCL4isMTZnN0atkYq9YjrlIWYIh56GW3bUjKLANUR7IN0K0AWl11ARVw2zmz7KLm
ysWAHdZVOOJDqDQTqB0jze02BVggMi9sSkWz7G9xqY7Nnkuq/kxHi9FrjUhqs5To
JKpJxE0+w4A+VCaqlVaZvpHFt/BPzLBdhjNCBXCo4lXYFPuGzP+wogS4lHCFXDsE
rivSNxOdtXHePqSVce6hs+bHVckvAkQtivCd7rAnOlyiO4K/ZTi0qg==
=hQ72
-----END PGP SIGNATURE-----
_______________________________________________
security-announce mailing list | security-announce@lists.apple.com
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce
Do not post admin requests to the list. They will be ignored.


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC