PT-2002-1032 · Sudo · Sudo

Published: 2002-04-22 · Updated: 2024-02-02 · CVE-2002-0184

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

sudo versions prior to 1.6.6

Description

The issue is caused by an off-by-one error that can result in a heap-based buffer overflow. This may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded. The vulnerability can be exploited locally and may lead to a violation of confidentiality, integrity, and availability of protected information.

Recommendations

For versions prior to 1.6.6, update to version 1.6.6 or later to resolve the issue. As a temporary workaround, consider avoiding the use of special characters in the -p (prompt) argument until a patch is available.
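
One way to check a host against the affected range above (an added example, not part of the original advisory or the sudo project): it parses the version line that `sudo -V` prints and compares it with 1.6.6, treating sudo's `pN` patch-level suffix as a fourth version field. The function names and the sample version lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag sudo versions older than 1.6.6, the fixed release named above.
FIXED_VERSION="1.6.6"

# Pull the version token out of `sudo -V` output, e.g. "Sudo version 1.6.5p2".
sudo_version_from_output() {
    printf '%s\n' "$1" | sed -n 's/^Sudo version \([0-9][0-9A-Za-z.]*\).*/\1/p' | head -n 1
}

# Turn MAJOR.MINOR[.PATCH][pN] into four integers; missing fields become 0.
# Prints nothing when the string does not have that shape.
split_version() {
    printf '%s\n' "$1" |
        sed -n -E 's/^([0-9]+)\.([0-9]+)(\.([0-9]+))?(p([0-9]+))?$/\1:\2:\4:\6/p' |
        awk -F: '{ print $1 + 0, $2 + 0, $3 + 0, $4 + 0 }'
}

# Exit status 0 if $1 < $2, 1 if $1 >= $2, 2 if either string is unparseable.
version_lt() {
    a=$(split_version "$1"); b=$(split_version "$2")
    [ -n "$a" ] && [ -n "$b" ] || return 2
    printf '%s %s\n' "$a" "$b" | awk '{
        for (i = 1; i <= 4; i++) {
            if ($i + 0 < $(i + 4) + 0) exit 0
            if ($i + 0 > $(i + 4) + 0) exit 1
        }
        exit 1
    }'
}

# 0 = affected (older than 1.6.6), 1 = fixed, 2 = version not recognised.
sudo_is_vulnerable() {
    version_lt "$1" "$FIXED_VERSION"
}

# Constructed sample `sudo -V` first lines (not captured from real hosts).
# On a live host, pass "$(sudo -V 2>/dev/null)" to sudo_version_from_output.
for out in "Sudo version 1.6.3p7" "Sudo version 1.6.5p2" \
           "Sudo version 1.6.6" "Sudo version 1.9.15p5"; do
    v=$(sudo_version_from_output "$out")
    if sudo_is_vulnerable "$v"; then
        echo "$v: AFFECTED by CVE-2002-0184, update to $FIXED_VERSION or later"
    else
        echo "$v: not affected"
    fi
done
```

The comparison covers upstream version strings only; a distribution package that backported the fix may still report an older upstream version, so confirm against the vendor's package changelog.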

Related Identifiers

BDU:2015-07828
CVE-2002-0184

Affected Products

Sudo