A single-byte heap corruption bug exists in sudo versions 1.6.3p5 and below. Exploitation of the bug requires in-depth knowledge of the system malloc internals. The bug has been exploited on Linux and can allow an attacker to gain root privileges. No known exploits exist for other operating systems but this should not be considered a Linux-only problem.
Sudo versions affected: 1.3.0 - 1.6.3p5 (inclusive)
Details: When given a sufficiently long command line argument, sudo will write a single NUL byte past the end of a buffer allocated via malloc().
... ➦