Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: [synnergy] - Sudo Vudo
From: teg () redhat com (Trond Eivind Glomsrød)
Date: 06 Jun 2001 18:03:44 -0400

Michel Kaempf <maxx () synnergy net> writes:

-[ Vudo - An object superstitiously believed to embody magical powers ]-

--------------[ Michel "MaXX" Kaempf <maxx () synnergy net> ]--------------
----------------[ Copyright (C) 2001 Synnergy Networks ]----------------


--[ 0x00 - Introduction ]-----------------------------------------------

Sudo (superuser do) allows a system administrator to give certain users
(or groups of users) the ability to run some (or all) commands as root
or another user while logging the commands and arguments.
-- http://www.courtesan.com/sudo/index.html

On February 19, 2001, Sudo version 1.6.3p6 was released: "This fixes
a potential security problem. So far, the bug does not appear to be
exploitable." Despite the comments sent to various security mailing
lists after the announce of the new Sudo version, the bug is not a
buffer overflow and the bug does not damage the stack.

But the bug is exploitable: even a single byte located somewhere in the
heap, erroneously overwritten by a NUL byte before a call to syslog(3)
and immediately restored after the syslog(3) call, may actually lead to
execution of code as root. A working exploit for Red Hat Linux/Intel 6.2
(Zoot) sudo-1.6.1-1 is attached at the end of this email and a complete
research paper on this issue and on general heap corruption techniques
will be released soon.

Sudo was not part of the main Red Hat Linux 6.2 distribution, but was
part of powertools. 1.6.3p6 was released as as a security errata
earlier this year:

http://www.redhat.com/support/errata/RHSA-2001-019.html
 

-- 
Trond Eivind Glomsrød
Red Hat, Inc.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]