Vulnerability Name: CVE-2002-0184 (CCN-8936)

Assigned: 2002-04-25
Published: 2002-04-25
Updated: 2021-04-01
Summary: Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded.
CVSS v3 Severity: 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:
Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Changed
Impact Metrics:
Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-787
Vulnerability Consequences: Gain Privileges
References:
Source: CCN
Type: BugTraq Mailing List, Thu Apr 25 2002 - 12:08:09 CDT
Sudo version 1.6.6 now available (fwd)

Source: MITRE
Type: CNA
CVE-2002-0184

Source: CCN
Type: Conectiva Linux Announcement CLSA-2002:475
sudo

Source: CONECTIVA
Type: Third Party Advisory
CLA-2002:475

Source: CCN
Type: EnGarde Secure Linux Security Advisory ESA-20020429-010
sudo

Source: BUGTRAQ
Type: Mailing List, Third Party Advisory
20020425 [Global InterSec 2002041701] Sudo Password Prompt

Source: BUGTRAQ
Type: Mailing List, Third Party Advisory
20020425 Sudo version 1.6.6 now available (fwd)

Source: BUGTRAQ
Type: Mailing List, Third Party Advisory
20020425 [slackware-security] sudo upgrade fixes a potential vulnerability

Source: BUGTRAQ
Type: Mailing List, Third Party Advisory
20020429 TSLSA-2002-0046 - sudo

Source: CCN
Type: RHSA-2002-071
Updated sudo packages are available

Source: CCN
Type: RHSA-2002-072
Updated sudo packages are available

Source: DEBIAN
Type: Third Party Advisory
DSA-128

Source: DEBIAN
Type: DSA-128
sudo -- buffer overflow

Source: CCN
Type: Global InterSec LLC Advisory 2002041701
Sudo Heap Vulnerability (Password Prompt)

Source: XF
Type: Broken Link
sudo-password-expansion-overflow(8936)

Source: CCN
Type: US-CERT VU#820083
sudo vulnerable to heap corruption via -p parameter

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#820083

Source: MANDRAKE
Type: Broken Link
MDKSA-2002:028

Source: ENGARDE
Type: Patch, Vendor Advisory
ESA-20020429-010

Source: CCN
Type: Guardian Digital Security Advisory ESA-20030515-015
[ESA-20030515-015] 'sudo' heap corruption vulnerability

Source: SUSE
Type: Broken Link
SuSE-SA:2002:014

Source: CCN
Type: OSVDB ID: 5344
sudo -p Option Local Overflow

Source: REDHAT
Type: Third Party Advisory
RHSA-2002:071

Source: REDHAT
Type: Third Party Advisory
RHSA-2002:072

Source: BID
Type: Third Party Advisory, VDB Entry
4593

Source: CCN
Type: BID-4593
Sudo Password Prompt Heap Overflow Vulnerability

Source: CCN
Type: slackware-security Mailing List, Thu, 25 Apr 2002 14:10:26 -0700 (PDT)
[slackware-security] sudo upgrade fixes a potential vulnerability

Source: CCN
Type: Sudo Web site
Sudo Main Page

Source: CCN
Type: Sudo-Announce Mailing List, Thu, 25 Apr 2002 10:21:54 -0600
security hole in sudo 1.5.7 - 1.6.5p2

Source: XF
Type: UNKNOWN
sudo-password-expansion-overflow(8936)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:sudo_project:sudo:*:*:*:*:*:*:*:* (Version < 1.6.6)

Configuration 2:
  • cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:suse:suse_linux:6.4:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:prg_graficos:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:ecommerce:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_single_network_firewall:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:linux_powertools:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:engardelinux:secure_linux:-:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:engardelinux:secure_professional:-:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions
Definition ID: oval:org.debian:def:128
Class: V
Title: buffer overflow
Last Modified: 2002-04-26