Sudo Buffer Error Vulnerability

Vulnerability Details


Vulnerability Summary

Sudo is a program for Unix-like systems that lets users run commands with elevated privileges in a controlled way.

Sudo before 1.6.6 contains a security flaw: a heap-based buffer overflow that allows local users to gain root privileges via special characters in arguments.

Vulnerability Advisory

Temporary workaround:

If you cannot install the patch or upgrade immediately, CNNVD recommends the following measures to reduce the threat:

* Use chmod a-s to remove the setuid bit from sudo, or remove all entries from /etc/sudoers.
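Added example, not part of the CNNVD record: a POSIX shell script that checks a host against the three points above, whether the installed sudo is older than 1.6.6, whether the binary is still setuid (the chmod a-s workaround), and how many active entries /etc/sudoers holds (the second workaround). It assumes `sudo -V` prints `Sudo version X.Y.Z[pN]` on its first line; the function names are my own.

```sh
#!/bin/sh
# Added example, not from the CNNVD record: read-only checks for the points the
# advisory makes about the pre-1.6.6 sudo heap overflow. Assumption: `sudo -V`
# prints "Sudo version X.Y.Z[pN]" on its first line.

# Exit 0 when $1 (e.g. "1.6.3p7") is older than 1.6.6, i.e. an affected release.
sudo_version_vulnerable() {
    base=${1%%p*}                       # drop the "pN" patch level: 1.6.3p7 -> 1.6.3
    major=${base%%.*}
    rest=${base#*.}
    minor=${rest%%.*}
    micro=${rest#*.}
    [ "$rest" = "$minor" ] && micro=0   # "1.6" has no third component
    [ "$major" -lt 1 ] && return 0
    [ "$major" -gt 1 ] && return 1
    [ "$minor" -lt 6 ] && return 0
    [ "$minor" -gt 6 ] && return 1
    [ "$micro" -lt 6 ]
}

# Exit 0 when the file at $1 still carries the setuid bit that the advisory's
# first workaround clears with `chmod a-s`.
sudo_is_setuid() {
    [ -u "$1" ]
}

# Print the number of active (non-blank, non-comment) lines in the sudoers
# file $1; the advisory's second workaround is to leave none.
sudoers_active_entries() {
    awk '!/^[[:space:]]*#/ && !/^[[:space:]]*$/ { n++ } END { print n + 0 }' "$1"
}

# Informational report on the sudo installed on this host; changes nothing.
report_installed_sudo() {
    bin=$(command -v sudo) || { echo "sudo is not installed"; return 0; }
    ver=$("$bin" -V 2>/dev/null | sed -n '1s/^Sudo version //p')
    [ -n "$ver" ] || { echo "could not read the version of $bin"; return 0; }
    if sudo_version_vulnerable "$ver"; then
        echo "$bin is sudo $ver, older than 1.6.6: upgrade to 1.6.6"
    else
        echo "$bin is sudo $ver, not affected by this advisory"
    fi
    sudo_is_setuid "$bin" && echo "$bin is setuid (expected for a working sudo)"
    if [ -r /etc/sudoers ]; then
        echo "active /etc/sudoers entries: $(sudoers_active_entries /etc/sudoers)"
    fi
}

report_installed_sudo
```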

Vendor patch:

Todd Miller


The vendor has released an upgrade patch that fixes this security issue; please download it from the vendor's home page:

Todd Miller Sudo 1.6:

Todd Miller Upgrade sudo-1.6.6.tar.gz

ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.6.tar.gz

Todd Miller Sudo 1.6.1:

Todd Miller Upgrade sudo-1.6.6.tar.gz

ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.6.tar.gz

Todd Miller Sudo 1.6.2:

Todd Miller Upgrade sudo-1.6.6.tar.gz

ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.6.tar.gz

Debian Upgrade sudo_1.6.2p2-2.2_alpha.deb

http://security.debian.org/dists/stable/updates/main/binary-alpha/sudo_1.6.2p2-2.2_alpha.deb

Debian Upgrade sudo_1.6.2p2-2.2_arm.deb

http://security.debian.org/dists/stable/updates/main/binary-arm/sudo_1.6.2p2-2.2_arm.deb

Debian Upgrade sudo_1.6.2p2-2.2_i386.deb

http://security.debian.org/dists/stable/updates/main/binary-i386/sudo_1.6.2p2-2.2_i386.deb

Debian Upgrade sudo_1.6.2p2-2.2_m68k.deb

http://security.debian.org/dists/stable/updates/main/binary-m68k/sudo_1.6.2p2-2.2_m68k.deb

Debian Upgrade sudo_1.6.2p2-2.2_powerpc.deb

http://security.debian.org/dists/stable/updates/main/binary-powerpc/sudo_1.6.2p2-2.2_powerpc.deb

Debian Upgrade sudo_1.6.2p2-2.2_sparc.deb

http://security.debian.org/dists/stable/updates/main/binary-sparc/sudo_1.6.2p2-2.2_sparc.deb

Todd Miller Sudo 1.6.3 p7:

Slackware Patch sudo.tgz

ftp://ftp.slackware.com/pub/slackware/slackware-8.0/patches/packages/sudo.tgz

Slackware 8.0.

Todd Miller Upgrade sudo-1.6.6.tar.gz

ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.6.tar.gz

Todd Miller Sudo 1.6.3 p6:

Todd Miller Upgrade sudo-1.6.6.tar.gz

ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.6.tar.gz

Todd Miller Sudo 1.6.3 p5:

Todd Miller Upgrade sudo-1.6.6.tar.gz

ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.6.tar.gz

Todd Miller Sudo 1.6.3 p4:

Slackware Patch sudo.tgz

ftp://ftp.slackware.com/pub/slackware/slackware-7.1/patches/packages/sudo.tgz

Slackware 7.1.

Todd Miller Upgrade sudo-1.6.6.tar.gz

ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.6.tar.gz

Todd Miller Sudo 1.6.3 p3:

Todd Miller Upgrade sudo-1.6.6.tar.gz

ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.6.tar.gz

Todd Miller Sudo 1.6.3 p2:

Todd Miller Upgrade sudo-1.6.6.tar.gz

ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.6.tar.gz

Todd Miller Sudo 1.6.3 p1:

Todd Miller Upgrade sudo-1.6.6.tar.gz

ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.6.tar.gz

Todd Miller Sudo 1.6.3:

Todd Miller Upgrade sudo-1.6.6.tar.gz

ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.6.tar.gz

Todd Miller Sudo 1.6.4 p2:

Todd Miller Upgrade sudo-1.6.6.tar.gz

ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.6.tar.gz

Todd Miller Sudo 1.6.4 p1:

Conectiva Upgrade sudo-1.6.6-1U50_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/sudo-1.6.6-1U50_1cl.i386.rpm

Conectiva Upgrade sudo-1.6.6-1U50_1cl.src.rpm

ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/sudo-1.6.6-1U50_1cl.src.rpm

Source RPM.

Conectiva Upgrade sudo-1.6.6-1U50_1cl.src.rpm

ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/sudo-1.6.6-1U50_1cl.src.rpm

Source RPM.

Conectiva Upgrade sudo-1.6.6-1U50_1cl.src.rpm

ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/sudo-1.6.6-1U50_1cl.src.rpm

Source RPM.

Conectiva Upgrade sudo-1.6.6-1U51_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/5.1/i386/sudo-1.6.6-1U51_1cl.i386.rpm

Conectiva Upgrade sudo-1.6.6-1U51_1cl.src.rpm

ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/sudo-1.6.6-1U51_1cl.src.rpm

Source RPM.

Conectiva Upgrade sudo-1.6.6-1U60_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/6.0/RPMS/sudo-1.6.6-1U60_1cl.i386.rpm

Conectiva Upgrade sudo-1.6.6-1U60_1cl.src.rpm

ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/sudo-1.6.6-1U60_1cl.src.rpm

Source RPM.

Conectiva Upgrade sudo-1.6.6-1U70_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/7.0/RPMS/sudo-1.6.6-1U70_1cl.i386.rpm

Conectiva Upgrade sudo-1.6.6-1U70_1cl.src.rpm

ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/sudo-1.6.6-1U70_1cl.src.rpm

Source RPM.

Conectiva Upgrade sudo-1.6.6-1U8_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/8/RPMS/sudo-1.6.6-1U8_1cl.i386.rpm

Conectiva Upgrade sudo-1.6.6-1U8_1cl.src.rpm

ftp://atualizacoes.conectiva.com.br/8/SRPMS/sudo-1.6.6-1U8_1cl.src.rpm

Source RPM.

Conectiva Upgrade sudo-doc-1.6.6-1U50_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/5.0/i386/sudo-doc-1.6.6-1U50_1cl.i386.rpm

Conectiva Upgrade sudo-doc-1.6.6-1U50_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/sudo-doc-1.6.6-1U50_1cl.i386.rpm

Conectiva Upgrade sudo-doc-1.6.6-1U50_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/sudo-d


References

Source: BUGTRAQ

Link: http://marc.info/?l=bugtraq&m=101975443619600&w=2

Source: CERT-VN

Link: http://www.kb.cert.org/vuls/id/820083

Source: BID

Link: https://www.securityfocus.com/bid/4593

Source: DEBIAN

Link: https://www.debian.org/security/2002/dsa-128

Source: REDHAT

Link: http://www.redhat.com/support/errata/RHSA-2002-072.html

Source: SUSE

Link: http://www.novell.com/linux/security/advisories/2002_014_sudo_txt.html

Source: CONECTIVA

Link: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000475

Source: BUGTRAQ

Link: http://marc.info/?l=bugtraq&m=101979472822196&w=2

Source: MANDRAKE

Link: http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-028.php3

Source: ENGARDE

Link: http://www.linuxsecurity.com/advisories/other_advisory-2040.html

Source: XF

Link: http://www.iss.net/security_center/static/8936.php

Source: BUGTRAQ

Link: http://marc.info/?l=bugtraq&m=101974610509912&w=2

Source: BUGTRAQ

Link: http://marc.info/?l=bugtraq&m=102010164413135&w=2

Source: REDHAT

Link: http://www.redhat.com/support/errata/RHSA-2002-071.html
