FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

sudosh -- buffer overflow

Affected packages
sudosh2 <= 1.0.2
sudosh3 <= 3.2.0_2

Details

VuXML ID: 8675efd5-e22c-11e1-a808-002354ed89bc
Discovery: 2010-01-17
Entry: 2012-08-09

ISS reports:

sudosh2 and sudosh3 are vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the replay() function. By persuading a victim to replay a specially-crafted recorded sudo session, a local attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges or cause the application to crash.

References

URL: http://secunia.com/advisories/38292
URL: http://secunia.com/advisories/38349
URL: http://xforce.iss.net/xforce/xfdb/55903