CVE-2019-18634: In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is…

high7.8CVSS 3.1

AVLACLPRLUINSUCHIHAH

EXPLOIT

In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.

Affected

9 ranges

Vendor	Product	Version range	Fixed in
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	sudo	< sudo 1.8.31-1 (bookworm)	sudo 1.8.31-1 (bookworm)
sudo_project	sudo	>= 0 < 1.8.31-1	1.8.31-1
sudo_project	sudo	>= 0 < 1.8.31-1	1.8.31-1
sudo_project	sudo	>= 0 < 1.8.31-1	1.8.31-1
sudo_project	sudo	>= 0 < 1.8.31-1	1.8.31-1
sudo_project	sudo	>= 1.7.1 < 1.8.26	1.8.26

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

osv7.8HIGH