Bugtraq mailing list archives

Re: hole in sudo for MP-RAS.

From: Todd.Miller () COURTESAN COM (Todd C. Miller)
Date: Tue, 13 Jan 1998 08:41:26 -0700


Actually, that line should just be:
    if (strchr(cmnd, '/') == NULL)

This is fixed in version 1.5.4, available from:
    ftp://ftp.cs.colorado.edu/pub/sysadmin/sudo/cu-sudo.v1.5.4.tar.Z
    ftp://ftp.courtesan.com/pub/sudo/cu-sudo.v1.5.4.tar.Z (very slow link)

 - todd

Current thread:

bug in Solaris 2.6 security logging, (continued)
- - bug in Solaris 2.6 security logging Ruth Milner [VLA] (Jan 12)
  - Buffer overflows in Deliver: get 2.1.13 Chip Salzenberg (Jan 12)
    - [SIGNED] Buffer overflows in Deliver: get 2.1.13 Chip Salzenberg (Jan 12)
  - KSR[T] Advisory #6: deliver KSR[T] (Jan 12)
    - Re: KSR[T] Advisory #6: deliver Chip Salzenberg (Jan 12)
  - hole in sudo for MP-RAS. osiris () COURIER CB LUCENT COM (Jan 12)
    - Re: hole in sudo for MP-RAS. Cy Schubert - ITSD Open Systems Group (Jan 12)
    - Re: hole in sudo for MP-RAS. Todd C. Miller (Jan 12)
    - Re: hole in sudo for MP-RAS. Cy Schubert - ITSD Open Systems Group (Jan 12)
    - Re: hole in sudo for MP-RAS. Todd C. Miller (Jan 12)
    - Re: hole in sudo for MP-RAS. Todd C. Miller (Jan 13)
    - Re: hole in sudo for MP-RAS. dsiebert () ICAEN UIOWA EDU (Jan 12)
    - Re: hole in sudo for MP-RAS. Todd C. Miller (Jan 12)
    - CPSN 9:971208: Solaris /var Permission Problems CPIO Advisory Role Account (Jan 12)
  - update on Solaris 2.6 security logging Ruth Milner [VLA] (Jan 12)
  - Q179129: STOP 0x0000000A Due to Modified Teardrop Attack Aleph One (Jan 12)
  - Netscape 4 DoS/Possibly exploitable buffer overflow. Laslo Orto (Jan 12)
- Addendum to FrontPage password issue joey () CORINNE CPIO ORG (Jan 09)