Madshrimps Forum Madness

Madshrimps Forum Madness (https://www.madshrimps.be/vbulletin/)
-   WebNews (https://www.madshrimps.be/vbulletin/f22/)
-   -   Sudo has huge bug (https://www.madshrimps.be/vbulletin/f22/sudo-has-huge-bug-193686/)

Stefan Mileschin 6th February 2020 13:04
Sudo has huge bug
 
Su-Sussudio

Sudo, a utility found in dozens of Unix-like operating systems, has received a patch for a potentially serious bug that allows unprivileged users to easily obtain unfettered root privileges on vulnerable systems.

The vulnerability tracked as CVE-2019-18634, is the result of a stack-based buffer-overflow bug found in versions 1.7.1 through 1.8.25p1. It can be triggered only when either an administrator or a downstream OS, such as Linux Mint and Elementary OS, has enabled an option known as pwfeedback. With pwfeedback turned on, the vulnerability can be exploited even by users who aren't listed in sudoers, a file that contains rules that users must follow when using the sudo command.

According to a Sudo advisory exploiting the bug does not require sudo permissions, merely that pwfeedback be enabled.

"The bug can be reproduced by passing a large input to Sudo via a pipe when it prompts for a password."

The advisory lists two flaws that lead to the vulnerability. The first: pwfeedback isn't ignored as it should be when reading from something other than a terminal. As a result, the saved version of a line erase character remains at its initialized value of 0. The second contributor is that the code that erases the line of asterisks doesn't properly reset the buffer position if there is an error writing data. Instead, the code resets only the remaining buffer length.

https://fudzilla.com/news/50255-sudo-has-huge-bug


All times are GMT +1. The time now is 01:11.

Powered by vBulletin® - Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO