Buffer overflow in sudo?

Todd C. Miller Todd.Miller at courtesan.com
Mon Jul 9 11:29:55 EDT 2001


The bug was fixed in sudo 1.6.3p6.  There was an announcement on
the sudo-announce list quite a while ago.  The bug was thought to
be unexploitable but someone did manage to exploit it on Linux.
It's not really a buffer overflow, it's a (single byte) heap
corruption that requires intimate knowledge of libc's malloc
internals to exploit.

 - todd


