Re: [synnergy] - Sudo Vudo

[teg () redhat com (Trond Eivind Glomsrød)]

Michel Kaempf <maxx () synnergy net> writes:

> -[ Vudo - An object superstitiously believed to embody magical powers ]-
>
> --------------[ Michel "MaXX" Kaempf <maxx () synnergy net> ]--------------
> ----------------[ Copyright (C) 2001 Synnergy Networks ]----------------
>
>
> --[ 0x00 - Introduction ]-----------------------------------------------
>
> Sudo (superuser do) allows a system administrator to give certain users
> (or groups of users) the ability to run some (or all) commands as root
> or another user while logging the commands and arguments.
> -- http://www.courtesan.com/sudo/index.html
>
> On February 19, 2001, Sudo version 1.6.3p6 was released: "This fixes
> a potential security problem. So far, the bug does not appear to be
> exploitable." Despite the comments sent to various security mailing
> lists after the announce of the new Sudo version, the bug is not a
> buffer overflow and the bug does not damage the stack.
>
> But the bug is exploitable: even a single byte located somewhere in the
> heap, erroneously overwritten by a NUL byte before a call to syslog(3)
> and immediately restored after the syslog(3) call, may actually lead to
> execution of code as root. A working exploit for Red Hat Linux/Intel 6.2
> (Zoot) sudo-1.6.1-1 is attached at the end of this email and a complete
> research paper on this issue and on general heap corruption techniques
> will be released soon.

Sudo was not part of the main Red Hat Linux 6.2 distribution, but was
part of powertools. 1.6.3p6 was released as as a security errata
earlier this year:

http://www.redhat.com/support/errata/RHSA-2001-019.html
 

-- 
Trond Eivind Glomsrød
Red Hat, Inc.