The bug was fixed in sudo 1.6.3p6. There was an announcement on the sudo-announce list quite a while ago. The bug was thought to be unexploitable, but someone did manage to exploit it on Linux. It's not really a buffer overflow; it's a (single-byte) heap corruption that requires intimate knowledge of libc's malloc internals to exploit.

- todd