CVE-2019-18634
HIGH | Platform: macOS | Changelog
CVE Details
Description
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.
CVSS 3.1 Score
| Metric | Value |
|---|---|
| Base Score | 7.8 (HIGH) |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Weakness
References
- Apple Security Advisory
- NVD Entry
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00029.html
- http://packetstormsecurity.com/files/156174/Slackware-Security-Advisory-sudo-Updates.html (Third Party Advisory, VDB Entry)
- http://packetstormsecurity.com/files/156189/Sudo-1.8.25p-Buffer-Overflow.html (Third Party Advisory, VDB Entry)
- http://seclists.org/fulldisclosure/2020/Jan/40 (Mailing List, Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2020/01/30/6 (Mailing List, Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2020/01/31/1 (Mailing List, Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2020/02/05/2 (Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2020/02/05/5 (Exploit, Third Party Advisory)