Linux Sudo Vulnerability (CVE-2019-18634)

Contents of The Article hide

5 References to Advisories, Solutions and Tools

Overview

Linux Sudo Vulnerability (CVE-2019-18634): “In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process.”

Description

Sudo is one of the most important, powerful and commonly used utilities that comes as a core command pre-installed on almost every Linux based operating system. Sudo program allows users to run programs with the security privileges of another user, by default the superuser.

In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.)

The Linux Sudo vulnerability (CVE-2019-18634) can be triggered even by users not listed in the sudoers file. The exploitation takes place by passing a large input to sudo via a pipe when it prompts for a password.

Impact

An attacker can trigger a stack-based buffer overflow in the privileged sudo process.

Impact Summary

Category: Buffer Overflow (Stack-Based)
CVSS 3.1 Base Score: 7.8 High
CVSS 3.1 Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Solution (Patch/Workaround)

To defend against possible attacks due to the Linux Sudo vulnerability, sudoers configuration file needs to be checked and reconfigured securely (by changing “Defaults pwfeedback” to “Defaults !pwfeedback” in the sudoers configuration file.).

To determine if a sudoers configuration is affected, “sudo -l” command be run on Linux or MacOS terminals to find whether the “pwfeedback” option is enabled.