{"vuid":"VU#820083","idnumber":"820083","name":"sudo vulnerable to heap corruption via -p parameter","keywords":["sudo","heap corruption","-p parameter","%h","%u","off-by-five","malloc()"],"overview":"Sudo is susceptible to a locally exploitable heap overflow vulnerability.","clean_desc":"Sudo is a common utility used to allow a system administrator to give users or groups of users rights to run certain programs as root or as another user. A locally exploitable heap overflow can lead to the execution of arbitrary code by a local attacker.","impact":"A local attacker can execute arbitrary code as root.","resolution":"Apply a patch from your vendor.","workarounds":"","sysaffected":"","thanks":"","author":"This document was written by Ian A. Finlay.","public":["http://www.globalintersec.com/adv/files/sudo-1.6.5p3.patch","http://www.globalintersec.com/adv/sudo-2002041701.txt"],"cveids":["CVE-2002-0184"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2002-04-25T19:32:22Z","publicdate":"2002-04-25T00:00:00Z","datefirstpublished":"2002-04-26T14:13:51Z","dateupdated":"2002-04-26T17:27:26Z","revision":13,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"10","cam_internetinfrastructure":"3","cam_population":"15","cam_impact":"20","cam_easeofexploitation":"10","cam_attackeraccessrequired":"10","cam_scorecurrent":"15.75","cam_scorecurrentwidelyknown":"18.5625","cam_scorecurrentwidelyknownexploited":"24.1875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":15.75,"vulnote":null}