CVE-2019-18634

2020-01-3100:00:00

ubuntu.com

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

55.0%

JSON

In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can
trigger a stack-based buffer overflow in the privileged sudo process.
(pwfeedback is a default setting in Linux Mint and elementary OS; however,
it is NOT the default for upstream and many other packages, and would exist
only if enabled by an administrator.) The attacker needs to deliver a long
string to the stdin of getln() in tgetpass.c.

Notes

Author	Note
mdeslaur	pwfeedback is not enabled in Ubuntu affects 1.7.1 to 1.8.25p1 as it can’t be exploited in 1.8.26 to 1.8.30

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchsudo< 1.8.21p2-3ubuntu1.2UNKNOWN
ubuntu19.10noarchsudo< 1.8.27-1ubuntu4.1UNKNOWN
ubuntu14.04noarchsudo< 1.8.9p5-1ubuntu1.5+esm3) Available with Ubuntu Pro or Ubuntu Pro (Infra-onlyUNKNOWN
ubuntu16.04noarchsudo< 1.8.16-0ubuntu1.9UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	sudo	< 1.8.21p2-3ubuntu1.2	UNKNOWN
ubuntu	19.10	noarch	sudo	< 1.8.27-1ubuntu4.1	UNKNOWN
ubuntu	14.04	noarch	sudo	< 1.8.9p5-1ubuntu1.5+esm3) Available with Ubuntu Pro or Ubuntu Pro (Infra-only	UNKNOWN
ubuntu	16.04	noarch	sudo	< 1.8.16-0ubuntu1.9	UNKNOWN