Linux Sudo Vulnerability (CVE-2019-18634): “In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process.”
Sudo is one of the most important, powerful and commonly used utilities, and it comes pre-installed as a core command on almost every Linux-based operating system. The sudo program allows users to run programs with the security privileges of another user, by default the superuser.
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.)
The Linux Sudo vulnerability (CVE-2019-18634) can be triggered even by users not listed in the sudoers file. The exploitation takes place by passing a large input to sudo via a pipe when it prompts for a password.
An attacker can trigger a stack-based buffer overflow in the privileged sudo process.
Category: Buffer Overflow (Stack-Based)
CVSS 3.1 Base Score: 7.8 High
CVSS 3.1 Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
To defend against possible attacks that exploit the Linux Sudo vulnerability, the sudoers configuration file needs to be checked and reconfigured securely by changing “Defaults pwfeedback” to “Defaults !pwfeedback”.
To determine whether a sudoers configuration is affected, the “sudo -l” command can be run in a Linux or macOS terminal to find out whether the “pwfeedback” option is enabled.
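The check described above can be scripted. The following is an added example, not part of the original advisory or the sudo project: it applies the two conditions stated on this page (sudo before 1.8.26 and pwfeedback enabled) to the text of `sudo -V` and `sudo -l`. The function names and the sample listings are constructed for illustration, and it assumes the usual `sudo -l` layout in which flags are listed under a "Matching Defaults entries" line.

```sh
# Added example: apply the two conditions from this page (sudo before 1.8.26 AND
# pwfeedback enabled) to `sudo -V` / `sudo -l` text. Function names are hypothetical.

# pwfeedback_on: stdin = `sudo -l` output. Succeeds only if pwfeedback is listed as an
# enabled flag; "!pwfeedback" means disabled, which a plain `grep pwfeedback` misreads.
pwfeedback_on() {
  awk '
    /^Matching Defaults entries/ { in_list = 1; next }
    in_list && /^[^ \t]/         { in_list = 0 }   # unindented line ends the list
    in_list {
      n = split($0, item, ",")
      for (i = 1; i <= n; i++) {
        gsub(/^[ \t]+|[ \t]+$/, "", item[i])
        if (item[i] == "pwfeedback")  on = 1
        if (item[i] == "!pwfeedback") on = 0
      }
    }
    END { exit(on ? 0 : 1) }'
}

# version_affected: $1 = version text. Status 0 = older than 1.8.26 (threshold from
# this page), 1 = 1.8.26 or later, 2 = no version found. Suffixes like "p1" are ignored.
version_affected() {
  printf '%s\n' "$1" | awk '
    match($0, /[0-9]+\.[0-9]+\.[0-9]+/) {
      split(substr($0, RSTART, RLENGTH), v, ".")
      found = 1; old = (v[1] * 1000000 + v[2] * 1000 + v[3] < 1008026); exit
    }
    END { exit(found ? (old ? 0 : 1) : 2) }'
}

# assess: $1 = `sudo -V` text, $2 = `sudo -l` text. Prints one verdict word.
assess() {
  ver=0; version_affected "$1" || ver=$?
  case $ver in
    2) echo unknown;  return ;;
    1) echo patched;  return ;;
  esac
  if printf '%s\n' "$2" | pwfeedback_on; then echo exposed; else echo mitigated; fi
}

# Constructed sample listings (not captured from a real host).
SAMPLE_ON='Matching Defaults entries for alice on demo-host:
    env_reset, pwfeedback, mail_badpass
User alice may run the following commands on demo-host:'
SAMPLE_OFF='Matching Defaults entries for alice on demo-host:
    env_reset, !pwfeedback, mail_badpass'
assess "Sudo version 1.8.25p1" "$SAMPLE_ON"    # constructed version string
assess "Sudo version 1.8.25p1" "$SAMPLE_OFF"
```

On a live host the same function can be called as `assess "$(sudo -V)" "$(sudo -l)"`.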
“For every lock, there is someone out there trying to pick it or break in.” - David Bernstein