Source: sudo
Version: 1.8.29-1
Severity: important
Tags: security upstream
Control: found -1 1.8.27-1+deb10u1
Control: found -1 1.8.27-1
Control: found -1 1.8.19p1-2.1+deb9u1
Control: found -1 1.8.19p1-2.1

Hi,

The following vulnerability was published for sudo.

CVE-2019-18634[0]:
| In Sudo before 1.8.31, if pwfeedback is enabled in /etc/sudoers, users
| can trigger a stack-based buffer overflow in the privileged sudo
| process. (pwfeedback is a default setting in Linux Mint and elementary
| OS; however, it is NOT the default for upstream and many other
| packages, and would exist only if enabled by an administrator.) The
| attacker needs to deliver a long string to the stdin of getln() in
| tgetpass.c.

Note that a change in 1.8.26 itself[4] made the bug unexploitable
starting from that version, but the issue itself is fixed upstream in
1.8.31. Could you please close this bug once sudo is rebased in
unstable to 1.8.31 or the bugfix still cherry-picked?

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-18634
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18634
[1] https://www.sudo.ws/alerts/pwfeedback.html
[2] https://www.openwall.com/lists/oss-security/2020/01/30/6
[3] 
https://github.com/sudo-project/sudo/commit/fa8ffeb17523494f0e8bb49a25e53635f4509078
[4] https://www.openwall.com/lists/oss-security/2020/01/31/1

Regards,
Salvatore

Reply via email to