CVE-2019-18634
high-risk
Published 2020-01-29
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.
Do I need to act?
!
87.5% chance of exploitation in next 30 days
EPSS score — higher than 13% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10
High
LOCAL
/ LOW complexity
Affected Products (4)
Affected Vendors
References (52)
Third Party Advisory
http://packetstormsecurity.com/files/156174/Slackware-Security-Advisory-sudo-Upd...
Third Party Advisory
http://packetstormsecurity.com/files/156189/Sudo-1.8.25p-Buffer-Overflow.html
Mailing List
http://seclists.org/fulldisclosure/2020/Jan/40
Third Party Advisory
http://www.openwall.com/lists/oss-security/2020/02/05/2
Mailing List
https://seclists.org/bugtraq/2020/Feb/2
Mailing List
https://seclists.org/bugtraq/2020/Feb/3
Mailing List
https://seclists.org/bugtraq/2020/Jan/44
and 32 more references
54
/ 100
high-risk
Severity
24/34 · High
Exploitability
20/34 · Moderate
Exposure
10/34 · Low