[$] A major vulnerability in Sudo

Post Syndicated from original https://lwn.net/Articles/844789/rss

A longstanding hole in the Sudo privilege-delegation tool that was discovered
in late January is a potent local vulnerability. Exploiting it allows local
users to run code of their choosing as root by way of a bog-standard
heap-buffer overflow. It seems like the kind of bug that might have been found
earlier via code inspection or fuzzing, but it has remained in this
security-sensitive utility since it was introduced in 2011.