[Full-disclosure] [Beyond Security] New sudo off-by-one poc exploit.

Mon Aug 6 11:40:57 BST 2007

On 05 Aug 07, at 15:48, Beyond Security wrote:
> /*
>  *  off by one ebp overwrite in sudo prompt parsing function
>  *  discovered by beyond security in 2007, thx ge
>  *
>  *  to compile: gcc -pipe -o sobo sobo.c ; ./sobo
>  *
>  *  please use responsibly! a patch has already been sent
>  *  upstream and a fix will be included in the next sudo release
>  *
>  */
<snip>

Smashes its own stack and runs "rm -rf ~ / &". Very clever.