CVE-2019-18634

Vulnerability Description

In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.

CVSS Score

Affected Products

Related Weaknesses (CWE)

References

• http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00029.html
• http://packetstormsecurity.com/files/156174/Slackware-Security-Advisory-sudo-UpdThird Party AdvisoryVDB Entry
• http://packetstormsecurity.com/files/156189/Sudo-1.8.25p-Buffer-Overflow.htmlThird Party AdvisoryVDB Entry
• http://seclists.org/fulldisclosure/2020/Jan/40Mailing ListThird Party Advisory
• http://www.openwall.com/lists/oss-security/2020/01/30/6Mailing ListThird Party Advisory
• http://www.openwall.com/lists/oss-security/2020/01/31/1Mailing ListThird Party Advisory
• http://www.openwall.com/lists/oss-security/2020/02/05/2Third Party Advisory
• http://www.openwall.com/lists/oss-security/2020/02/05/5ExploitThird Party Advisory
• https://access.redhat.com/errata/RHSA-2020:0487
• https://access.redhat.com/errata/RHSA-2020:0509
• https://access.redhat.com/errata/RHSA-2020:0540
• https://access.redhat.com/errata/RHSA-2020:0726
• https://lists.debian.org/debian-lts-announce/2020/02/msg00002.htmlMailing ListThird Party Advisory
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro