Bugtraq mailing list archives
Re: [synnergy] - Sudo Vudo
From: teg () redhat com (Trond Eivind Glomsrød)
Date: 06 Jun 2001 18:03:44 -0400
Michel Kaempf <maxx () synnergy net> writes:
-[ Vudo - An object superstitiously believed to embody magical powers ]- --------------[ Michel "MaXX" Kaempf <maxx () synnergy net> ]-------------- ----------------[ Copyright (C) 2001 Synnergy Networks ]---------------- --[ 0x00 - Introduction ]----------------------------------------------- Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while logging the commands and arguments. -- http://www.courtesan.com/sudo/index.html On February 19, 2001, Sudo version 1.6.3p6 was released: "This fixes a potential security problem. So far, the bug does not appear to be exploitable." Despite the comments sent to various security mailing lists after the announce of the new Sudo version, the bug is not a buffer overflow and the bug does not damage the stack. But the bug is exploitable: even a single byte located somewhere in the heap, erroneously overwritten by a NUL byte before a call to syslog(3) and immediately restored after the syslog(3) call, may actually lead to execution of code as root. A working exploit for Red Hat Linux/Intel 6.2 (Zoot) sudo-1.6.1-1 is attached at the end of this email and a complete research paper on this issue and on general heap corruption techniques will be released soon.
Sudo was not part of the main Red Hat Linux 6.2 distribution, but was part of powertools. 1.6.3p6 was released as as a security errata earlier this year: http://www.redhat.com/support/errata/RHSA-2001-019.html -- Trond Eivind Glomsrød Red Hat, Inc.
Current thread:
- [synnergy] - Sudo Vudo Michel Kaempf (Jun 06)
- Re: [synnergy] - Sudo Vudo Trond Eivind Glomsrød (Jun 07)