Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Sudo Vulnerability Allows Privilege Escalation to Root

A patch has been released for a vulnerability in Sudo that can be exploited by an unprivileged attacker to gain full root permissions on the targeted system.

A patch has been released for a vulnerability in Sudo that can be exploited by an unprivileged attacker to gain full root permissions on the targeted system.

Sudo is a popular utility that system administrators can use to allow users to execute some commands as root or another user. Sudo is present in various Linux distributions and Apple’s macOS operating systems.

Joe Vennix, a security expert from Apple, discovered that Sudo is affected by a buffer overflow vulnerability that can be exploited to escalate privileges on the targeted system. The flaw impacts the pwfeedback option in Sudo.

When the sudo command is used and users are prompted to enter their password, they do not get any feedback when typing the password. However, if the pwfeedback option is enabled, an asterisk is printed on the screen for each character of the password in order to provide some visual feedback to the user.

The pwfeedback option is disabled by default, but in some operating systems, such as Linux Mint and Elementary OS, it’s enabled by default in the sudoers file, where the sudo privileges of users and groups are defined. In addition, many administrators find it useful and manually enable the option.

If the pwfeedback option is enabled in sudoers, an attacker who has access to the system — even if they are not listed in the sudoers file — can trigger the buffer overflow by passing a large input to sudo via a pipe when it prompts for the password. Exploitation can allow the attacker to escalate privileges to the root account.

Advertisement. Scroll to continue reading.

“Because the attacker has complete control of the data used to overflow the buffer, there is a high likelihood of exploitability,” Sudo developers wrote in an advisory.

The vulnerability is tracked as CVE-2019-18634 and it has impacted Sudo versions starting with 1.7.1, which was released back in 2009. While the underlying issue is still present in more recent versions, exploitation does not appear to be possible in versions since 1.8.26, which was released in 2018.

The weakness has now been fixed in version 1.8.31. As a workaround, users can simply disable pwfeedback.

Apple and Linux distributions such as Red Hat, Ubuntu and Debian have also released patches or mitigations for the vulnerability.

Related: Libarchive Vulnerability Impacts Multiple Linux Distributions

Related: Serious Vulnerabilities in Linux Kernel Allow Remote DoS Attacks

Related: Linux Flaw Allows Sudo Users to Gain Root Privileges

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

Sherrod DeGrippo has been appointed Head of Threat Intelligence for Palo Alto Networks Unit 42.

Christopher Porter has joined Booz Allen Hamilton as Global Chief Information Security Officer.

Yael Ben Arie has joined exposure validation company Pentera as Chief Product Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.