CVE-2019-18634
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.
Affected products
n/a · n/a
Public PoCs found: 18
github · github.com/saleemrashid/sudo-cve-2019-18634 · ★ 240
github · github.com/Plazmaz/CVE-2019-18634 · ★ 58
github · github.com/aesophor/CVE-2019-18634 · ★ 5
github · github.com/chanbakjsd/CVE-2019-18634 · ★ 3
github · github.com/N1et/CVE-2019-18634 · ★ 2
github · github.com/dukptkey/CVE-2019-18634 · ★ 1
github · github.com/letsr00t/-CVE-2019-18634-sudo-pwfeedback · ★ 0
github · github.com/edsonjt81/sudo-cve-2019-18634 · ★ 0
github · github.com/paras1te-x/CVE-2019-18634 · ★ 0
github · github.com/TheJoyOfHacking/saleemrashid-sudo-cve-2019-18634 · ★ 0
github · github.com/CyrusRazavi/CVE-2019-18634-writeup · ★ 0
github · github.com/DDayLuong/CVE-2019-18634 · ★ 0
github · github.com/l0w3/CVE-2019-18634 · ★ 0
github · github.com/ngyinkit/cve-2019-18634 · ★ 0
cve_reference · packetstormsecurity.com/files/156189/Sudo-1.8.25p-Buffer-Overflow.html · unverified
exploitdb · www.exploit-db.com/exploits/47995 · unverified
exploitdb · www.exploit-db.com/exploits/48052 · unverified
cve_reference · packetstormsecurity.com/files/156174/Slackware-Security-Advisory-sudo-Updates.html · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00029.html
http://packetstormsecurity.com/files/156174/Slackware-Security-Advisory-sudo-Updates.html
http://packetstormsecurity.com/files/156189/Sudo-1.8.25p-Buffer-Overflow.html
https://access.redhat.com/errata/RHSA-2020:0487
https://access.redhat.com/errata/RHSA-2020:0509
https://access.redhat.com/errata/RHSA-2020:0540
https://access.redhat.com/errata/RHSA-2020:0726
http://seclists.org/fulldisclosure/2020/Jan/40
https://lists.debian.org/debian-lts-announce/2020/02/msg00002.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6TKF36KOQUVJNBHSVJFA7BU3CCEYD2F/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY6DZ7WMDKU4ZDML6MJLDAPG42B5WVUC/
https://seclists.org/bugtraq/2020/Feb/2