A single-byte heap corruption bug exists in sudo versions 1.6.3p5 and below. Exploitation of the bug requires in-depth knowledge of the system malloc internals. The bug has been exploited on Linux and can allow an attacker to gain root privileges. No known exploits exist for other operating systems, but this should not be considered a Linux-only problem.
Sudo versions affected: 1.3.0 - 1.6.3p5 (inclusive)
When given a sufficiently long command line argument, sudo will write
a single NUL byte past the end of a buffer allocated via
Based on the length of the command line argument it is possible to
place the NUL byte at a location of the attacker’s choice. This has
been exploited on Linux to grant an attacker root privileges.
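
A check of an installed sudo against the version range stated above, as an added example that is not part of the original advisory. The function names are hypothetical, the sample banners are constructed, and it assumes the first line of `sudo -V` has the form `Sudo version X`.

```shell
#!/bin/sh
# Affected range stated in the advisory (inclusive on both ends).
AFFECTED_LOW=1.3.0
AFFECTED_HIGH=1.6.3p5

# sudo_is_affected VERSION
#   returns 0 if VERSION is inside the range, 1 if outside,
#   2 if VERSION is not of the form MAJOR.MINOR[.MICRO][pN].
sudo_is_affected() {
    awk -v v="$1" -v lo="$AFFECTED_LOW" -v hi="$AFFECTED_HIGH" '
        # Map a version to one number so 1.6.3 < 1.6.3p5 < 1.6.3p6 < 1.6.4.
        # Assumption: every component is below 1000.
        function key(s,    f, n, p, i) {
            if (s !~ /^[0-9]+\.[0-9]+(\.[0-9]+)?(p[0-9]+)?$/) return -1
            p = 0
            i = index(s, "p")
            if (i > 0) { p = substr(s, i + 1); s = substr(s, 1, i - 1) }
            n = split(s, f, ".")
            return ((f[1] * 1000 + f[2]) * 1000 + (n > 2 ? f[3] : 0)) * 1000 + p
        }
        BEGIN {
            k = key(v)
            if (k < 0) exit 2
            exit !(k >= key(lo) && k <= key(hi))
        }'
}

# sudo_version_from_banner TEXT: print X from the first "Sudo version X" line.
sudo_version_from_banner() {
    printf '%s\n' "$1" | awk '$1 == "Sudo" && $2 == "version" { print $3; exit }'
}

# sudo_classify VERSION: print affected, not-affected or unknown.
sudo_classify() {
    rc=0
    sudo_is_affected "$1" || rc=$?
    case $rc in
        0) echo affected ;;
        1) echo not-affected ;;
        *) echo unknown ;;
    esac
}

# Constructed sample banners; on a live host use "$(sudo -V 2>/dev/null)".
for banner in "Sudo version 1.6.3p5" "Sudo version 1.6.3p6" "Sudo version 1.6.4"; do
    ver=$(sudo_version_from_banner "$banner")
    echo "$ver: $(sudo_classify "$ver")"
done
```

A result of `unknown` (for example a vendor-suffixed or beta version string) should be resolved by hand rather than treated as outside the range.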