(Apple Issues Fix) Re: Sudo Utility Has Heap Overflow That May Let Local Users Execute Arbitrary Code with Root Privileges
|
|
SecurityTracker Alert ID: 1004471
|
|
CVE Reference: CVE-2002-0184
(Links to External Site)
|
Updated: Nov 20 2003
|
Original Entry Date: Jun 5 2002
|
Impact: Execution of arbitrary code via local system, Root access via local system
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 1.6.5p2 and prior
|
Description: A vulnerability has been reported in the sudo utility. A local user may be able to obtain root privileges.
Global InterSec reported an off-by-five heap overflow in 'sudo'. A local user can apparently call sudo with a specially formatted
argument for the -p command line option to trigger the overflow. It is reported that sudo may not correctly allocate memory when
parsing the '%h' (hostname) or '%u' (username) strings in the argument in some situations. A local user could potentially trigger
the overflow and execute arbitrary code with root privileges.
The exact nature of the conditions required to exploit this flaw
were not provided. However, it is reported that the compile-time options and the length of the hostname may affect whether the
application is vulnerable or not.
|
Impact: A local user may be able to execute arbitrary code with root privileges in certain situations.
|
Solution: The vendor has released Mac OS X Update 10.1.5. It is available at:
- The Software Update pane in System Preferences
- Apple's
Software Downloads web page: http://www.info.apple.com/support/downloads.html
Further details are available via the Apple Product
Security web site:
http://www.apple.com/support/security/security_updates.html
|
Vendor URL: www.courtesan.com/sudo/ (Links to External Site)
|
Cause: Boundary error
|
Underlying OS: UNIX (OS X)
|
Underlying OS Comments: Prior to 10.1.5
|
Reported By: Product Security <product-security@apple.com>
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Wed, 5 Jun 2002 11:26:57 -0700
From: Product Security <product-security@apple.com>
Subject: Security enhancements in Mac OS X 10.1.5
|
-----BEGIN PGP SIGNED MESSAGE-----
Mac OS X Update 10.1.5 is now available and includes the following
security enhancements for your system:
* sudo - Fixes CAN-2002-0184, where a heap overflow in sudo may
allow local users to gain root privileges via special characters in
the -p (prompt) argument.
* sendmail - Fixes CVE-2001-0653, where an input validation error
exists in Sendmail's debugging functionality which could lead to a
system compromise.
Mac OS X Update 10.1.5 may be obtained via: the Software Update pane
in System Preferences and will also be posted to Apple's Software
Downloads web page: http://www.info.apple.com/support/downloads.html
Further details are available via the Apple Product Security web site:
http://www.apple.com/support/security/security_updates.html
This message is signed with Apple's Product Security PGP key, and
details are available at:
http://www.apple.com/support/security/security_pgp.html
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.3
iQEVAwUBPP5XICFlYNdE6F9oAQFBWAf/bkmo5lbMoHKfUyBMx4xS6WJ2Okq8FqBX
hqCnXrhbfAGbAjtGF7QqgcrJa9cjliJonFwxi6bSKgKdUEWlP8sXeBbUb+uMLe7b
JCL4isMTZnN0atkYq9YjrlIWYIh56GW3bUjKLANUR7IN0K0AWl11ARVw2zmz7KLm
ysWAHdZVOOJDqDQTqB0jze02BVggMi9sSkWz7G9xqY7Nnkuq/kxHi9FrjUhqs5To
JKpJxE0+w4A+VCaqlVaZvpHFt/BPzLBdhjNCBXCo4lXYFPuGzP+wogS4lHCFXDsE
rivSNxOdtXHePqSVce6hs+bHVckvAkQtivCd7rAnOlyiO4K/ZTi0qg==
=hQ72
-----END PGP SIGNATURE-----
_______________________________________________
security-announce mailing list | security-announce@lists.apple.com
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce
Do not post admin requests to the list. They will be ignored.
|
|
