Lucene search

K

Sudo 1.8.25p - Buffer Overflow Exploit

๐Ÿ—“๏ธย 04 Feb 2020ย 00:00:00Reported byย Joe VennixTypeย 
zdt
ย zdt
๐Ÿ”—ย 0day.today๐Ÿ‘ย 640ย Views

Sudo pwfeedback allows buffer overflo

Show more
Related
Code
ReporterTitlePublishedViews
Family
OSV
sudo - security update
1 Feb 202000:00
โ€“osv
OSV
CVE-2019-18634
29 Jan 202018:15
โ€“osv
OSV
Red Hat Security Advisory: sudo security update
16 Sep 202403:30
โ€“osv
OSV
Red Hat Security Advisory: sudo security update
16 Sep 202403:30
โ€“osv
OSV
sudo - security update
1 Feb 202000:00
โ€“osv
OSV
Red Hat Security Advisory: sudo security update
16 Sep 202403:30
โ€“osv
OSV
Red Hat Security Advisory: sudo security update
16 Sep 202403:30
โ€“osv
OSV
sudo-1.9.7p2-1.4 on GA media
15 Jun 202400:00
โ€“osv
The Hacker News
Sudo Bug Lets Non-Privileged Linux and macOS Users Run Commands as Root
3 Feb 202015:35
โ€“thn
Tenable Nessus
EulerOS 2.0 SP9 : sudo (EulerOS-SA-2020-2237)
21 Oct 202000:00
โ€“nessus
Rows per page
# Title: Sudo 1.8.25p - Buffer Overflow
# Author: Joe Vennix
# Software: Sudo
# Versions: Sudo versions prior to 1.8.26
# CVE: CVE-2019-18634
# Reference: https://www.sudo.ws/alerts/pwfeedback.html

# Sudo's pwfeedback option can be used to provide visual feedback when the user is inputting 
# their password. For each key press, an asterisk is printed. This option was added in 
# response to user confusion over how the standard Password: prompt disables the echoing 
# of key presses. While pwfeedback is not enabled by default in the upstream version of sudo,
# some systems, such as Linux Mint and Elementary OS, do enable it in their default sudoers files.

# Due to a bug, when the pwfeedback option is enabled in the sudoers file, a user may be able to trigger a stack-based buffer overflow.
# This bug can be triggered even by users not listed in the sudoers file. There is no impact unless pwfeedback has been enabled.

The folowing sudoers configuration is vulnerable:

    $ sudo -l
    Matching Defaults entries for millert on linux-build:
	insults, pwfeedback, mail_badpass, mailerpath=/usr/sbin/sendmail

    User millert may run the following commands on linux-build:
	(ALL : ALL) ALL

# Exploiting the bug does not require sudo permissions, merely that pwfeedback be enabled. 
# The bug can be reproduced by passing a large input to sudo via a pipe when it prompts for a password.

    $ perl -e 'print(("A" x 100 . "\x{00}") x 50)' | sudo -S id
    Password: Segmentation fault

If pwfeedback is enabled in sudoers, the stack overflow may allow unprivileged users to escalate to the root account.

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
04 Feb 2020 00:00Current
0.1Low risk
Vulners AI Score0.1
EPSS0.002
640
.json
Report