Please note that this is _not_ a security vulnerability. Here just
nonprivileged command's address space is modified (the shell before
launching sudo) and that's a feature, not a bug. To modify process'
address space the "attacker" needs to be able to actually run the
"exploit" which means that he has to compromise an account using another
vulnerability. In that case he has also numerous others way to stole
that user's privilegies by tricking the user using sudo or anything
similar. (Trojans, etc.)

--
Lubomir Kundrak (Red Hat Security Response Team)



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to