Mandriva Advisories

Package name: sudo
Date: April 25th, 2002
Advisory ID: MDKSA-2002:028
Affected versions: 7.1, 7.2, 8.0, 8.1, 8.2, CS1.0
Synopsis: Updated sudo packages fix heap corruption vulnerability

Problem Description

A problem was discovered by fc, with further research by Global
InterSec, in the way the sudo program handles the password prompt
parameter (-p). Sudo can be tricked into allocating less memory than it
should for the prompt, and under certain conditions this flaw can be
exploited to corrupt the heap in a way that could be used to execute
arbitrary commands. Because sudo is generally suid root, this can lead
to an elevation of privilege for local users.

Updated Packages

Mandrakelinux 7.1

 2214bb7c879f0c34425d379795a447ee  7.1/RPMS/sudo-1.6.4-3.1mdk.i586.rpm
552ef456ff9fd4028bd8371b808adae6  7.1/SRPMS/sudo-1.6.4-3.1mdk.src.rpm

Mandrakelinux 7.2

 53cd161682fc5ec047bbab190037e7cb  7.2/RPMS/sudo-1.6.4-3.1mdk.i586.rpm
552ef456ff9fd4028bd8371b808adae6  7.2/SRPMS/sudo-1.6.4-3.1mdk.src.rpm

Mandrakelinux 8.0

 a35538cd7efe7c9a34a6dc81b767e3ea  8.0/RPMS/sudo-1.6.4-3.1mdk.i586.rpm
552ef456ff9fd4028bd8371b808adae6  8.0/SRPMS/sudo-1.6.4-3.1mdk.src.rpm

Mandrakelinux 8.0/PPC

 867b935b9e39afaca5535c25673f2860  ppc/8.0/RPMS/sudo-1.6.4-3.1mdk.ppc.rpm
552ef456ff9fd4028bd8371b808adae6  ppc/8.0/SRPMS/sudo-1.6.4-3.1mdk.src.rpm

Mandrakelinux 8.1

 d6cccdaaca2a338bcd75290bef1c3440  8.1/RPMS/sudo-1.6.4-3.1mdk.i586.rpm
552ef456ff9fd4028bd8371b808adae6  8.1/SRPMS/sudo-1.6.4-3.1mdk.src.rpm

Mandrakelinux 8.1/IA64

 80e0441fe8ebdd804adbe0fb3127c950  ia64/8.1/RPMS/sudo-1.6.4-3.1mdk.ia64.rpm
552ef456ff9fd4028bd8371b808adae6  ia64/8.1/SRPMS/sudo-1.6.4-3.1mdk.src.rpm

Mandrakelinux 8.2

 752d02e218508c12a3d4500e3c8fe842  8.2/RPMS/sudo-1.6.4-3.1mdk.i586.rpm
552ef456ff9fd4028bd8371b808adae6  8.2/SRPMS/sudo-1.6.4-3.1mdk.src.rpm

Mandrakelinux 8.2/PPC

 fa9ee180fdf44ed92f9c27ee96096471  ppc/8.2/RPMS/sudo-1.6.4-3.1mdk.ppc.rpm
552ef456ff9fd4028bd8371b808adae6  ppc/8.2/SRPMS/sudo-1.6.4-3.1mdk.src.rpm

Corporate Server 1.0.1

 2214bb7c879f0c34425d379795a447ee  1.0.1/RPMS/sudo-1.6.4-3.1mdk.i586.rpm
552ef456ff9fd4028bd8371b808adae6  1.0.1/SRPMS/sudo-1.6.4-3.1mdk.src.rpm

References

http://www.globalintersec.com/adv/sudo-2002041701.txt

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, verification of the MD5 checksum and GPG signature is performed automatically for you.
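
For a manual download, the two checks can be scripted against the checksum lines listed under Updated Packages. This is an added example, not Mandriva tooling; the function names and the file `advisory.txt` (a saved copy of those checksum lines) are assumptions.

```shell
#!/bin/sh
# Added example, not Mandriva tooling. Function names are hypothetical.

# check_md5 ADVISORY ENTRY FILE
#   ADVISORY  text file holding the advisory's "<md5>  <path>" lines
#   ENTRY     path exactly as the advisory prints it, release prefix included
#   FILE      the downloaded package on disk
# Returns 0 on match, 1 on checksum mismatch, 2 if ENTRY is not listed.
check_md5() {
    advisory=$1; entry=$2; file=$3
    # Compare the whole path: the same file name is listed under several
    # releases with different checksums. awk ignores leading blanks.
    expected=$(awk -v e="$entry" '
        length($1) == 32 && $1 !~ /[^0-9a-f]/ && $2 == e { print $1; exit }
    ' "$advisory")
    if [ -z "$expected" ]; then
        echo "no advisory entry for $entry" >&2
        return 2
    fi
    actual=$(md5sum "$file" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "MD5 mismatch for $file" >&2
        return 1
    fi
    return 0
}

# check_sig FILE: the advisory's own command. The checksum catches a
# corrupted download; the GPG signature is what authenticates the package,
# so the Mandriva Security Team public key must be available to rpm.
check_sig() {
    rpm --checksig "$1"
}

# verify_pkg ADVISORY ENTRY FILE: both checks, checksum first.
verify_pkg() {
    check_md5 "$1" "$2" "$3" && check_sig "$3"
}

# Usage:
#   verify_pkg advisory.txt 8.2/RPMS/sudo-1.6.4-3.1mdk.i586.rpm \
#       ./sudo-1.6.4-3.1mdk.i586.rpm
```

Install the package only when `verify_pkg` returns 0.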