|
|
Пишет LWN.net (![[info]](http://lj.rossia.org/img/syndicated.gif){kind=small} syn_lwnheadline)@ 2021-02-03 01:03:00 |
 |
|
 |
|
|
|
|
|
|
 |
|
 |
[$] A major vulnerability in Sudo
A longstanding hole in the Sudo
privilege-delegation tool that was discovered
in late January is a potent local vulnerability. Exploiting it allows local users
to run code of their choosing as root by way of a bog-standard heap-buffer
overflow. It seems like the kind of bug that might have been found earlier via
code inspection or fuzzing, but it has remained in this security-sensitive
utility since it was introduced in 2011.
A longstanding hole in the Sudo
privilege-delegation tool that was discovered
in late January is a potent local vulnerability. Exploiting it allows local users
to run code of their choosing as root by way of a bog-standard heap-buffer
overflow. It seems like the kind of bug that might have been found earlier via
code inspection or fuzzing, but it has remained in this security-sensitive
utility since it was introduced in 2011.
