A patch has been released for a vulnerability in Sudo that a local, unprivileged user can exploit to gain full root privileges on systems where the pwfeedback option is enabled.
Sudo is a popular utility that system administrators can use to allow users to execute some commands as root or another user. Sudo is present in various Linux distributions and Apple’s macOS operating systems.
Joe Vennix of Apple Information Security discovered that Sudo is affected by a stack-based buffer overflow that can be exploited to escalate privileges on the targeted system. The flaw lies in the code behind the pwfeedback option.
When sudo prompts a user for their password, it normally gives no visual feedback as the password is typed. If the pwfeedback option is enabled, sudo instead prints an asterisk for each character typed, as a visual cue to the user.
The pwfeedback option is disabled by default in upstream Sudo, but some operating systems, such as Linux Mint and Elementary OS, enable it by default in the sudoers file, where the sudo privileges of users and groups are defined. Many administrators also find the feedback useful and enable the option manually.
If pwfeedback is enabled in sudoers, any user with access to the system, even one not listed in the sudoers file, can trigger the overflow by passing a large input to sudo through a pipe, rather than a terminal, when it prompts for the password. Successful exploitation gives the attacker root privileges.
“Because the attacker has complete control of the data used to overflow the buffer, there is a high likelihood of exploitability,” Sudo developers wrote in an advisory.
The vulnerability is tracked as CVE-2019-18634 and affects Sudo versions 1.7.1, released in 2009, through 1.8.30. The buggy code is also present in versions 1.8.26 (released in 2018) through 1.8.30, but exploitation does not appear to be possible in those versions.
The flaw has been fixed in Sudo 1.8.31. Where updating is not immediately possible, the workaround is to disable pwfeedback in sudoers (a Defaults !pwfeedback line); running sudo -l shows whether pwfeedback is among the Matching Defaults entries for the current user.
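The two conditions above, an affected Sudo version and pwfeedback enabled in sudoers, are all an audit needs to check. The following POSIX shell script is an added example, not code from the article or from the Sudo project: it parses the Defaults lines of a sudoers file for pwfeedback, turns a sudo version string into a comparable number, and reports exposure using the version boundaries given in the article. The sudoers text and the version strings it runs on are constructed for the example; on a real host you would feed it the output of sudo -V and the contents of /etc/sudoers plus /etc/sudoers.d (which requires root to read).

```shell
#!/bin/sh
# Added example (not from the article or the Sudo project): audit a host's
# exposure to CVE-2019-18634 from its sudo version and its sudoers Defaults.
set -eu

# Turn "1.8.27p1" into 1008027 so versions compare as plain integers.
# A trailing patch level such as "p1" does not change the answer and is dropped.
sudo_version_key() {
    v=${1%%p*}
    maj=${v%%.*}
    rest=${v#*.}
    min=${rest%%.*}
    pat=${rest#*.}
    [ "$pat" = "$rest" ] && pat=0      # "1.8" has no third component
    echo $(( maj * 1000000 + min * 1000 + pat ))
}

# Read sudoers text on stdin and print "enabled" or "disabled".
# Simplifications (deliberate, for an audit): a pwfeedback on any Defaults line,
# scoped or not (Defaults:user, Defaults@host, ...), counts as enabled; only an
# unscoped later "!pwfeedback" clears it. #include/#includedir lines are treated
# as comments, so pass included files explicitly.
pwfeedback_state() {
    awk '
        /^[ \t]*#/ { next }                               # comment or #include
        $1 ~ /^Defaults/ {
            scoped = ($1 != "Defaults")
            line = $0
            sub(/^[ \t]*Defaults[^ \t]*[ \t]*/, "", line)  # drop keyword + scope
            sub(/#.*$/, "", line)                          # drop trailing comment
            n = split(line, opts, /[ \t,]+/)
            for (i = 1; i <= n; i++) {
                if (opts[i] == "pwfeedback") state = "enabled"
                else if (opts[i] == "!pwfeedback" && !scoped) state = "disabled"
            }
        }
        END { print (state == "" ? "disabled" : state) }
    '
}

# Combine both checks. $1 is the sudo version string, $2 the sudoers text.
assess() {
    key=$(sudo_version_key "$1")
    fb=$(printf '%s\n' "$2" | pwfeedback_state)
    if [ "$fb" != enabled ]; then
        echo "not exposed: pwfeedback disabled"
    elif [ "$key" -lt 1007001 ]; then
        echo "not exposed: version predates 1.7.1"
    elif [ "$key" -lt 1008026 ]; then
        echo "vulnerable"
    elif [ "$key" -lt 1008031 ]; then
        echo "bug present, reported not exploitable (1.8.26 to 1.8.30)"
    else
        echo "patched (1.8.31 or later)"
    fi
}

# Constructed sample sudoers, modelled on a distribution default that turns
# pwfeedback on. This is the weak configuration.
SAMPLE_SUDOERS='# constructed sample sudoers
Defaults        env_reset
Defaults        mail_badpass
Defaults        env_reset, pwfeedback    # the setting that makes the bug reachable
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL'

# The workaround from the advisory: a later unscoped Defaults line wins.
HARDENED_SUDOERS="$SAMPLE_SUDOERS
Defaults        !pwfeedback               # workaround until 1.8.31 is installed"

echo "1.8.21p2 + sample:   $(assess 1.8.21p2 "$SAMPLE_SUDOERS")"    # vulnerable
echo "1.8.21p2 + hardened: $(assess 1.8.21p2 "$HARDENED_SUDOERS")"  # not exposed: pwfeedback disabled
echo "1.8.31   + sample:   $(assess 1.8.31 "$SAMPLE_SUDOERS")"      # patched (1.8.31 or later)
```

On a live system the inputs come from `sudo -V | head -n 1` (the third word is the version) and from `cat /etc/sudoers /etc/sudoers.d/*` run as root; an unprivileged user can get the same answer for their own account from the Matching Defaults entries that `sudo -l` prints.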
Apple and Linux distributions such as Red Hat, Ubuntu and Debian have also released patches or mitigations for the vulnerability.
Related: Libarchive Vulnerability Impacts Multiple Linux Distributions
Related: Serious Vulnerabilities in Linux Kernel Allow Remote DoS Attacks
Related: Linux Flaw Allows Sudo Users to Gain Root Privileges

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
