Bug 27 - Possible Buffer Overflow in sudo
Status: RESOLVED FIXED
Product: Sudo
Classification: Unclassified
Component: Sudo
Version: 1.6.3
Hardware: All Other
Importance: normal security
Assigned To: Todd C. Miller
Reported: 2001-02-19 07:05 MST by chris
Modified: 2001-02-19 12:16 MST
Attachments
Fix for segv on very long command line argument (739 bytes, patch)
2001-02-19 08:08 MST, Todd C. Miller

Description chris 2001-02-19 07:05:03 MST
By starting sudo with a long command line, it can be made to cause a segmentation fault.
This is not obviously exploitable, since IP is not changed, but I think the stack is damaged.
For example:
  sudo /bin/true `perl -e 'print "A"x4000'`
On sudo 1.6.1, seems to require 20,000 A's.
However, does not seem to allow user to bypass sudoers restrictions,
so unless they have the ability to use sudo to run at least one command,
this could not be exploited.
sudo 1.6.1 on redhat 6.2
sudo 1.6.3 on redhat 7.0
Comment 1 Todd C. Miller 2001-02-19 08:08:59 MST
Created attachment 2
Fix for segv on very long command line argument
Comment 2 Todd C. Miller 2001-02-19 08:16:59 MST
I'm going to roll out sudo 1.6.3p6 with the patch.
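
A regression check for the reproduction in the description, as an added example that is not part of the original report or of the sudo project's code: it runs a command with one oversized argument at the lengths quoted above and reports whether the process died on a signal. The function names are hypothetical, and it assumes the tester is already permitted to run the command through sudo.

```shell
#!/bin/sh
# Added regression check, not sudo project code. The lengths 4000 and 20000
# come from the report; function names and the 100-byte baseline are assumptions.

# long_arg N: print a string of N 'A' characters.
long_arg() {
    printf "%${1}s" '' | tr ' ' 'A'
}

# classify_status CODE: turn a shell exit status into a verdict.
# Shells report "killed by signal S" as 128+S, so 139 means SIGSEGV (11).
# Any other status above 128 is flagged as suspicious rather than ignored.
classify_status() {
    if [ "$1" -eq 139 ]; then
        echo "SEGV"
    elif [ "$1" -gt 128 ]; then
        echo "SIGNAL-$(( $1 - 128 ))"
    else
        echo "OK"
    fi
}

# check_long_arg N CMD...: run CMD with one extra N-byte argument appended.
check_long_arg() {
    len=$1; shift
    status=0
    "$@" "$(long_arg "$len")" >/dev/null 2>&1 || status=$?
    classify_status "$status"
}

# run_suite CMD...: print "<length> <verdict>" per case; return 1 on any crash.
run_suite() {
    rc=0
    for n in 100 4000 20000; do
        verdict=$(check_long_arg "$n" "$@")
        echo "$n $verdict"
        [ "$verdict" = "OK" ] || rc=1
    done
    return "$rc"
}

# Usage against the build under test:  run_suite sudo /bin/true
```

A fixed build should print `OK` for all three lengths; a `SEGV` line at 4000 or 20000 matches the behaviour described for 1.6.3 and 1.6.1.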