Debian Security Advisory DSA 128-1 (sudo) Network Vulnerability

Summary

The remote host is missing an update to sudo announced via advisory DSA 128-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20128-1

Insight

fc found a buffer overflow in the variable expansion code used by sudo for its prompt. Since sudo is necessarily installed suid root a local user can use this to gain root access. This has been fixed in version 1.6.2-2.2 and we recommend that you upgrade

Severity

Classification

CVE CVE-2002-0184

CVSS	Base Score: 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 1002-1 (webcalendar)
Debian Security Advisory DSA 082-1 (xvt)
Debian Security Advisory DSA 079-2 (uucp)
Debian Security Advisory DSA 097-1 (exim)
Debian Security Advisory DSA 063-1 (xinetd)

Take action and discover your vulnerabilities