Debian Security Advisory

DSA-031-2 sudo -- buffer overflow

Date Reported:
28 Feb 2001
Affected Packages:
sudo
Vulnerable:
Yes
Security database references:
In the Bugtraq database (at SecurityFocus): BugTraq ID 2829.
In Mitre's CVE dictionary: CVE-2001-0279.
More information:
Todd Miller announced a new version of sudo which corrects a buffer overflow that could potentially be used to gain root privileges on the local system. The fix from sudo 1.6.3p6 is available in sudo 1.6.2p2-1potato1 for Debian 2.2 (potato).
Fixed in:

Debian 2.2 (potato)

Source:
http://security.debian.org/debian-security/dists/stable/updates/main/source/sudo_1.6.2p2-1potato1.diff.gz
http://security.debian.org/debian-security/dists/stable/updates/main/source/sudo_1.6.2p2-1potato1.dsc
http://security.debian.org/debian-security/dists/stable/updates/main/source/sudo_1.6.2p2.orig.tar.gz
alpha:
http://security.debian.org/debian-security/dists/stable/updates/main/binary-alpha/sudo_1.6.2p2-1potato1_alpha.deb
arm:
http://security.debian.org/debian-security/dists/stable/updates/main/binary-arm/sudo_1.6.2p2-1potato1_arm.deb
i386:
http://security.debian.org/debian-security/dists/stable/updates/main/binary-i386/sudo_1.6.2p2-1potato1_i386.deb
m68k:
http://security.debian.org/debian-security/dists/stable/updates/main/binary-m68k/sudo_1.6.2p2-1potato1_m68k.deb
powerpc:
http://security.debian.org/debian-security/dists/stable/updates/main/binary-powerpc/sudo_1.6.2p2-1potato1_powerpc.deb
sparc:
http://security.debian.org/debian-security/dists/stable/updates/main/binary-sparc/sudo_1.6.2p2-1potato1_sparc.deb