[ASA-202002-2] sudo: privilege escalation

Morten Linderud foxboron at archlinux.org
Thu Feb 6 14:44:56 UTC 2020


Arch Linux Security Advisory ASA-202002-2
=========================================

Severity: High
Date    : 2020-02-06
CVE-ID  : CVE-2019-18634
Package : sudo
Type    : privilege escalation
Remote  : No
Link    : https://security.archlinux.org/AVG-1093

Summary
=======

The package sudo before version 1.8.31-1 is vulnerable to privilege
escalation.

Resolution
==========

Upgrade to 1.8.31-1.

# pacman -Syu "sudo>=1.8.31-1"

The problem has been fixed upstream in version 1.8.31.

Workaround
==========

Ensure pwfeedback is disabled in /etc/sudoers with:

    Defaults !pwfeedback

Description
===========

A flaw was found in the Sudo before version 1.8.31 application when the
’pwfeedback' option is set to true on the sudoers file. An
authenticated user can use this vulnerability to trigger a stack-based
buffer overflow under certain conditions even without Sudo privileges.
The buffer overflow may allow an attacker to expose or corrupt memory
information, crash the Sudo application, or possibly inject code to be
run as a root user.

Impact
======

An authenticated user is capable of escalating to root privileges.

References
==========

https://www.sudo.ws/alerts/pwfeedback.html
https://www.sudo.ws/repos/sudo/rev/84640592b0ff
https://security.archlinux.org/CVE-2019-18634
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20200206/3df3f9cb/attachment.sig>


More information about the arch-security mailing list