Vulnerability Name: CVE-2001-0279 (CCN-6153)

Assigned: 2001-02-26
Published: 2001-02-26
Updated: 2008-09-05
Summary: Buffer overflow in sudo earlier than 1.6.3p6 allows local users to gain root privileges.
CVSS v3 Severity: 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Privileges
References:

Source: CCN
Type: FreeBSD Security Advisory FreeBSD-SA-01:38
sudo contains local buffer overflow

Source: BUGTRAQ
Type: Patch
20010222 Sudo version 1.6.3p6 now available (fwd)

Source: CCN
Type: BugTraq Mailing List, Thu Feb 22 2001 - 18:53:18 CST
Sudo version 1.6.3p6 now available (fwd)

Source: BUGTRAQ
Type: UNKNOWN
20010226 Trustix Security Advisory - sudo

Source: BUGTRAQ
Type: UNKNOWN
20010225 [slackware-security] buffer overflow in sudo fixed

Source: CCN
Type: Immunix OS Security Advisory IMNX-2001-70-004-01
sudo

Source: MITRE
Type: CNA
CVE-2001-0279

Source: CONECTIVA
Type: UNKNOWN
CLA-2001:381

Source: CCN
Type: Conectiva Linux Announcement CLSA-2001:381
Local buffer overflow in the sudo program

Source: CCN
Type: Sudo Web site
Sudo Main Page

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-031

Source: DEBIAN
Type: DSA-031
sudo -- buffer overflow

Source: MANDRAKE
Type: Patch, Vendor Advisory
MDKSA-2001:024

Source: CCN
Type: OSVDB ID: 5688
sudo Long Argument Local Overflow

Source: REDHAT
Type: UNKNOWN
RHSA-2001:018

Source: REDHAT
Type: UNKNOWN
RHSA-2001:019

Source: CCN
Type: BID-2829
Sudo Heap Corruption Vulnerability

Source: CCN
Type: Slackware Security Advisory Sun, 25 Feb 2001 12:03:42 -0800 (PST)
buffer overflow in sudo fixed

Source: CCN
Type: SuSE Security Announcement SuSE-SA:2001:013
sudo

Source: CCN
Type: MandrakeSoft Security Advisory MDKSA-2001:024
sudo

Source: XF
Type: UNKNOWN
sudo-bo-elevate-privileges(6153)

Vulnerable Configuration:

Configuration 1:
  • cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:slackware:slackware_linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.3:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.4:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:connectiva:linux:-:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:3.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:4.2:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:-:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.1:*:*:*:*:*:*:*
