Bug 27

Summary: Possible Buffer Overflow in sudo
Product: Sudo
Reporter: chris
Component: Sudo
Assignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED
Severity: security
Priority: normal
Version: 1.6.3
Hardware: All
OS: Other
Attachments: Fix for segv on very long command line argument

Description chris 2001-02-19 07:05:03 MST
By starting sudo with a long command line, it can be made to cause a segmentation fault.
This is not obviously exploitable, since IP is not changed, but I think the stack is damaged.
For example:
  sudo /bin/true `perl -e 'print "A"x4000'`
On sudo 1.6.1, seems to require 20,000 A's.
However, it does not seem to allow the user to bypass sudoers restrictions,
so unless they have the ability to use sudo to run at least one command,
this could not be exploited.
sudo 1.6.1 on redhat 6.2
sudo 1.6.3 on redhat 7.0
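As an added illustration of the bug class in this report (a fixed-size command buffer filled from argv without a bound), the routine below joins arguments with a length check and refuses input that would not fit, so the reporter's 4000-byte argument is rejected instead of corrupting the stack. This is example code, not sudo's source or the attached patch; `CMND_MAX`, `join_args` and `check_long_arg` are assumed names and the buffer size is an assumption.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical fixed command buffer; the size is an assumption, not sudo's. */
#define CMND_MAX 1024

/*
 * Join argv[0..argc-1] with single spaces into buf (bufsize bytes).
 * Returns 0 on success, -1 if the joined string would not fit.
 * The unsafe form of this routine strcat()s each argument unchecked,
 * which is the overflow class the report describes.
 */
int join_args(int argc, char *const argv[], char *buf, size_t bufsize)
{
    size_t used = 0;

    if (bufsize == 0)
        return -1;
    buf[0] = '\0';
    for (int i = 0; i < argc; i++) {
        size_t len = strlen(argv[i]);
        size_t need = len + (i > 0 ? 1 : 0);   /* separator + argument */

        if (need > bufsize - 1 - used)         /* keep room for the NUL */
            return -1;                         /* refuse; never write past the end */
        if (i > 0)
            buf[used++] = ' ';
        memcpy(buf + used, argv[i], len);
        used += len;
        buf[used] = '\0';
    }
    return 0;
}

/* Reproduce the reporter's input shape: "/bin/true" followed by n bytes of 'A'. */
int check_long_arg(size_t n)
{
    char buf[CMND_MAX];
    char *as = malloc(n + 1);
    int rc;

    if (as == NULL)
        return -1;
    memset(as, 'A', n);
    as[n] = '\0';
    char *argv[] = { "/bin/true", as };
    rc = join_args(2, argv, buf, sizeof buf);  /* -1 for n = 4000, 0 for short args */
    free(as);
    return rc;
}
```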
Comment 1 Todd C. Miller 2001-02-19 08:08:59 MST
Created attachment 2
Fix for segv on very long command line argument
Comment 2 Todd C. Miller 2001-02-19 08:16:59 MST
I'm going to roll out sudo 1.6.3p6 with the patch.