[ASA-202002-2] sudo: privilege escalation
Morten Linderud
foxboron at archlinux.org
Thu Feb 6 14:29:26 UTC 2020
Arch Linux Security Advisory ASA-202002-2
=========================================
Severity: High
Date : 2020-02-06
CVE-ID : CVE-2019-18634
Package : sudo
Type : privilege escalation
Remote : No
Link : https://security.archlinux.org/AVG-1093
Summary
=======
The package sudo before version 1.8.31-1 is vulnerable to privilege
escalation.
Resolution
==========
Upgrade to 1.8.31-1.
# pacman -Syu "sudo>=1.8.31-1"
The problem has been fixed upstream in version 1.8.31.
Workaround
==========
Ensure pwfeedback is disabled in /etc/sshd/sshd_config with:
Defaults !pwfeedback
Description
===========
A flaw was found in the Sudo before version 1.8.31 application when the
’pwfeedback' option is set to true on the sudoers file. An
authenticated user can use this vulnerability to trigger a stack-based
buffer overflow under certain conditions even without Sudo privileges.
The buffer overflow may allow an attacker to expose or corrupt memory
information, crash the Sudo application, or possibly inject code to be
run as a root user.
Impact
======
An authenticated user is capable of escalating to root privileges.
References
==========
https://www.sudo.ws/alerts/pwfeedback.html
https://www.sudo.ws/repos/sudo/rev/84640592b0ff
https://security.archlinux.org/CVE-2019-18634
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20200206/201f7662/attachment.sig>
More information about the arch-security
mailing list