
Sudo vulnerability

Probably everyone interested is already subscribed to the relevant mailing lists, and there is no point in turning the blog into a security-notification feed, but nevertheless: a vulnerability in sudo 1.8.0 - 1.8.3p1 potentially allows any local user who can run sudo to execute commands as root. CVE-2012-0809
FreeBSD has already been patched, the Linux distributions are still asleep, and their stable branches do not care anyway: the sudo 1.7 branch is not affected.

The error is in the debug output function, which passes argv[0] to vfprintf.
Compiling with FORTIFY_SOURCE makes the bug harder to exploit; without it, exploitation is quite simple.
Original description.
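
The bug class described above, as a simplified C illustration added here (not sudo's source and not part of the original post). The function names, buffer sizes and the sample program name are assumptions; output goes to a buffer instead of stderr so the difference can be compared.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names: a simplified model of the bug class, not sudo's code. */

/* VULNERABLE pattern: the program name (argv[0], chosen by the caller) is
 * spliced into the format string, so any '%' in it is interpreted. */
static int debug_vuln(char *out, size_t outlen, const char *progname,
                      const char *fmt, ...)
{
    char fmt2[256];
    va_list ap;
    int n;

    snprintf(fmt2, sizeof(fmt2), "%s: %s\n", progname, fmt);
    va_start(ap, fmt);
    n = vsnprintf(out, outlen, fmt2, ap);  /* format now contains progname */
    va_end(ap);
    return n;
}

/* FIXED pattern: expand only the trusted fmt, then emit the program name as
 * data through a constant "%s" format. */
static int debug_fixed(char *out, size_t outlen, const char *progname,
                       const char *fmt, ...)
{
    char msg[256];
    va_list ap;

    va_start(ap, fmt);
    vsnprintf(msg, sizeof(msg), fmt, ap);
    va_end(ap);
    return snprintf(out, outlen, "%s: %s\n", progname, msg);
}

/* Constructed, harmless input: "%%" consumes no argument, so both calls are
 * well defined, yet it reveals whether the name was parsed as a format. */
static const char SAMPLE_NAME[] = "sudo%%edit";

int main(void)
{
    char a[128], b[128];
    debug_vuln(a, sizeof(a), SAMPLE_NAME, "debug level %d", 9);
    debug_fixed(b, sizeof(b), SAMPLE_NAME, "debug level %d", 9);
    printf("vulnerable: %sfixed:      %s", a, b);
    return strcmp(a, b) == 0;  /* exit status 0 when the outputs differ */
}
```

In the vulnerable variant the doubled percent sign collapses to one, showing that the name was processed as format directives; the fixed variant prints it unchanged.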


Source: https://habr.com/ru/post/137370/

