Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-18634

Опубликовано: 29 янв. 2020
Источник: debian
EPSS Высокий

Описание

In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
sudofixed1.8.31-1package
sudofixed1.8.27-1+deb10u2busterpackage

Примечания

  • https://www.sudo.ws/alerts/pwfeedback.html

  • https://www.openwall.com/lists/oss-security/2020/01/30/6

  • https://github.com/sudo-project/sudo/commit/fa8ffeb17523494f0e8bb49a25e53635f4509078 (master)

  • https://github.com/sudo-project/sudo/commit/b5d2010b6514ff45693509273bb07df3abb0bf0a (SUDO_1_8_31)

  • The issue itself is fixed only in 1.8.31 but a change in the EOF handling

  • introduced in 1.8.26 mitigated exploitation of the bug in some cases:

  • https://www.openwall.com/lists/oss-security/2020/01/31/1

  • Change for "Print a warning for password read issues" in 1.8.26:

  • https://github.com/sudo-project/sudo/commit/ab2cba0f5d8b286e8e52c06076efd32434f538ae (SUDO_1_8_26)

  • The overflow is tough as well reachable when using a pty:

  • https://www.openwall.com/lists/oss-security/2020/02/05/2

EPSS

Процентиль: 99%
0.86816
Высокий

Связанные уязвимости

ubuntu логотип

CVE-2019-18634

CVSS3: 7.8
ubuntu
около 6 лет назад

In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.

redhat логотип

CVE-2019-18634

CVSS3: 7.8
redhat
около 6 лет назад

In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.

nvd логотип

CVE-2019-18634

CVSS3: 7.8
nvd
около 6 лет назад

In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.

suse-cvrf логотип

openSUSE-SU-2020:0244-1

suse-cvrf
почти 6 лет назад

Security update for sudo

suse-cvrf логотип

SUSE-SU-2020:0409-1

suse-cvrf
почти 6 лет назад

Security update for sudo

EPSS

Процентиль: 99%
0.86816
Высокий