2
Candidate: CVE-2008-3067
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3067
6
sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when password
7
entry times out, which might allow local users to obtain a password by
8
reading stdin from the parent process after a sudo child process exits.
11
kees> could not reproduce on Dapper or Gutsy, which predated the patch.
12
kees> I think this is a stand-alone vs PAM issue, and Debian/Ubuntu uses PAM.
19
upstream: http://www.sudo.ws/cgi-bin/cvsweb/sudo/tgetpass.c?r1=1.115&r2=1.121
20
upstream_sudo: released (1.6.9p12-1)
21
dapper_sudo: not-affected
22
feisty_sudo: needed (reached end-of-life)
23
gutsy_sudo: not-affected
24
hardy_sudo: not-affected
25
intrepid_sudo: not-affected
26
devel_sudo: not-affected