Debian Security Advisory DSA 128-1 (sudo) Network Vulnerability

Summary

The remote host is missing an update to sudo announced via advisory DSA 128-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20128-1

Insight

fc found a buffer overflow in the variable expansion code used by sudo for its prompt. Since sudo is necessarily installed suid root a local user can use this to gain root access. This has been fixed in version 1.6.2-2.2 and we recommend that you upgrade

Severity

Classification

CVE CVE-2002-0184
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 1018-1 (kernel-source-2.4.27)
Debian Security Advisory DSA 030-1 (xfree86-1)
Debian Security Advisory DSA 1030-1 (moodle)
Debian Security Advisory DSA 1031-1 (cacti)
Debian Security Advisory DSA 032-1 (proftpd)

Take action and discover your vulnerabilities