Sudo Vulnerability Allows Privilege Escalation to Root
Security News, February 2020
A patch has been released for a vulnerability in Sudo that an unprivileged local attacker can exploit to gain full root privileges on the targeted system.
Sudo is a widely used utility that lets system administrators allow specific users to run selected commands as root or as another user.
Joe Vennix of Apple Information Security discovered that Sudo contains a stack-based buffer overflow that can be exploited to escalate privileges on the targeted system.
The bug is in the code that reads the password. If the pwfeedback option is enabled in sudoers, sudo echoes an asterisk for every character typed, and an attacker with local access can trigger the overflow by piping a large input into sudo when it prompts for a password. No sudoers entry is required; being able to invoke sudo at all is enough. According to the sudo advisory, two flaws combine: pwfeedback is not ignored when input does not come from a terminal, which leaves the saved line-erase character at its initial value of 0 (so NUL bytes in the piped input act as line erases), and the code that erases the line of asterisks resets the remaining buffer length but not the buffer position when its write fails, so getln() can write past the end of the stack buffer. pwfeedback is off in upstream sudo's defaults, but some distributions, Linux Mint and elementary OS among them, enable it by default. The advisory gives a non-destructive check that a vulnerable sudo fails with a segmentation fault at the password prompt, while a fixed one simply rejects the password:
perl -e 'print(("A" x 100 . "\x{00}") x 50)' | sudo -S id
The vulnerability is tracked as CVE-2019-18634. Sudo versions 1.7.1 (released in 2009) through 1.8.30 inclusive contain the bug when pwfeedback is enabled; it is fixed in Sudo 1.8.31. The advisory notes that in 1.8.26 through 1.8.30 the bug is present but not exploitable because of a change in EOF handling, which is why the NVD entry lists affected versions as before 1.8.26. Until the update is installed, the mitigation is to set "Defaults !pwfeedback" in sudoers with visudo.
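The two conditions above, an affected version and pwfeedback in effect, are what an administrator has to confirm on each host. The POSIX shell script below is an added example, not code from the article or from the sudo project: it checks a version string against the affected range 1.7.1 to 1.8.30 and parses the "Matching Defaults entries" block of sudo -l output for pwfeedback, honouring a later !pwfeedback override. The sudo -l samples embedded in it are constructed for illustration, and the --live flag that runs the check against the current host is this script's own convention.

```shell
#!/bin/sh
# Added example, not code from the article or the sudo project: decide whether
# a host is exposed to CVE-2019-18634 from the two facts the advisory names,
# the installed sudo version and whether pwfeedback is active for the caller.

# Reduce a sudo version string such as "1.8.21p2" to "MAJOR MINOR PATCH".
# The "pN" suffix is sudo's patch-release marker and does not change the
# affected/fixed status, so it is dropped before comparing.
version_fields() {
    v=${1%%p*}
    set -- $(printf '%s\n' "$v" | tr '.' ' ')
    printf '%d %d %d\n' "${1:-0}" "${2:-0}" "${3:-0}"
}

# Return 0 if VERSION lies in the affected range 1.7.1 .. 1.8.30 inclusive
# (fixed in 1.8.31). The advisory reports 1.8.26 .. 1.8.30 as not exploitable
# because of an EOF-handling change, but the bug is still present there, so
# they are treated as affected and in need of the update.
version_affected() {
    set -- $(version_fields "$1")
    num=$(($1 * 1000000 + $2 * 1000 + $3))
    [ "$num" -ge 1007001 ] && [ "$num" -le 1008030 ]
}

# Read `sudo -l` output on stdin and return 0 if pwfeedback is in effect.
# Only the "Matching Defaults entries" block (up to the first blank line) is
# inspected; the options there are comma separated and may wrap across lines.
# A later "!pwfeedback" overrides an earlier "pwfeedback", since Defaults
# entries apply in order.
pwfeedback_enabled() {
    in_defaults=0
    enabled=1
    while IFS= read -r line; do
        case $line in
            "Matching Defaults entries"*) in_defaults=1; continue ;;
            "") in_defaults=0; continue ;;
        esac
        [ "$in_defaults" -eq 1 ] || continue
        for tok in $(printf '%s\n' "$line" | tr ',' ' '); do
            case $tok in
                pwfeedback)    enabled=0 ;;
                '!pwfeedback') enabled=1 ;;
            esac
        done
    done
    return "$enabled"
}

# Print EXPOSED, NOT_AFFECTED or NOT_ENABLED for VERSION ($1) plus the
# `sudo -l` output supplied on stdin.
assess() {
    if ! version_affected "$1"; then
        echo NOT_AFFECTED
    elif pwfeedback_enabled; then
        echo EXPOSED
    else
        echo NOT_ENABLED
    fi
}

# Constructed `sudo -l` output for illustration (not captured from a real host).
SAMPLE_ENABLED='Matching Defaults entries for alice on lab-host:
    env_reset, pwfeedback, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin

User alice may run the following commands on lab-host:
    (ALL : ALL) ALL'

# Same constructed host after "Defaults !pwfeedback" was appended via visudo.
SAMPLE_DISABLED='Matching Defaults entries for alice on lab-host:
    env_reset, pwfeedback, mail_badpass, !pwfeedback,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin

User alice may run the following commands on lab-host:
    (ALL : ALL) ALL'

# Live mode (this script's own flag): check the current host. `sudo -n -l`
# is non-interactive, so it fails instead of prompting when a password is
# needed, and a user with no sudoers entry may get no Defaults listing at all;
# in either case read /etc/sudoers and /etc/sudoers.d as root instead.
if [ "${1-}" = "--live" ]; then
    ver=$(sudo -V 2>/dev/null | sed -n 's/^Sudo version //p')
    if ! listing=$(sudo -n -l 2>/dev/null); then
        echo "sudo -n -l failed (password required or no sudoers entry)" >&2
        exit 2
    fi
    printf '%s\n' "$listing" | assess "$ver"
fi
```

Run it as "sh check-pwfeedback.sh --live" on each host; EXPOSED means upgrade to 1.8.31 or add "Defaults !pwfeedback" now, NOT_ENABLED means the bug is present but not reachable through this option, and NOT_AFFECTED means the version is outside the affected range.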
Related Vulnerability
Published | CVE | Title | Description | Risk (CVSS v3 base score) |
---|---|---|---|---|
2020-01-29 | CVE-2019-18634 | Out-of-bounds Write vulnerability in multiple products | In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. | 7.8 |