Serious sudo flaw could be exploited to gain root access to Linux systems
Details of a nine-year-old security vulnerability with the sudo utility found in numerous Unix and Linux based operating systems have been revealed.
The flaw, which affects the likes of Linux Mint and Elementary OS, could be exploited to give users root privileges on a vulnerable system. Sudo versions 1.7.1 to 1.8.30 are at risk if the pwfeedback option is enabled.
- Google may have shared your videos with strangers
- Yet another Windows 10 update is causing problems
- Hacker demonstrates Remote Code Execution exploit for Windows Remote Desktop Gateway
While the vulnerability is undoubtedly serious, there are elements of good news. Firstly, the pwfeedback option is not enabled by default in most distros, although it is enabled in both Mint and Elementary OS. The second piece of good news is that the issue has been patched -- you just need to make sure that you have 1.8.31 or newer installed, or the unaffected versions 1.8.26 to 1.8.30.
The vulnerability was discovered by Joe Vennix at Apple Information Security, and is described as follows:
Sudo's pwfeedback option can be used to provide visual feedback when the user is inputting their password. For each key press, an asterisk is printed. This option was added in response to user confusion over how the standard Password: prompt disables the echoing of key presses. While pwfeedback is not enabled by default in the upstream version of sudo, some systems, such as Linux Mint and Elementary OS, do enable it in their default sudoers files.
Due to a bug, when the pwfeedback option is enabled in the sudoers file, a user may be able to trigger a stack-based buffer overflow. This bug can be triggered even by users not listed in the sudoers file. There is no impact unless pwfeedback has been enabled.
The vulnerability has been assigned CVE-2019-18634 and is described as a buffer overflow issue. In short, the solution is to either ensure that an unaffected version of sudo is installed, or disabled the pwfeedback option.