CVE-2019-18634

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.

References

http://packetstormsecurity.com/files/156174/Slackware-Security-Advisory-sudo-Updates.html

http://packetstormsecurity.com/files/156189/Sudo-1.8.25p-Buffer-Overflow.html

http://seclists.org/fulldisclosure/2020/Jan/40

http://www.openwall.com/lists/oss-security/2020/01/30/6

http://www.openwall.com/lists/oss-security/2020/01/31/1

http://www.openwall.com/lists/oss-security/2020/02/05/2

http://www.openwall.com/lists/oss-security/2020/02/05/5

https://access.redhat.com/errata/RHSA-2020:0487

https://access.redhat.com/errata/RHSA-2020:0509

https://lists.debian.org/debian-lts-announce/2020/02/msg00002.html

https://seclists.org/bugtraq/2020/Feb/2

https://seclists.org/bugtraq/2020/Feb/3

https://seclists.org/bugtraq/2020/Jan/44

https://security.netapp.com/advisory/ntap-20200210-0001/

https://support.apple.com/kb/HT210919

https://usn.ubuntu.com/4263-1/

https://usn.ubuntu.com/4263-2/

https://www.debian.org/security/2020/dsa-4614

https://www.sudo.ws/alerts/pwfeedback.html

https://www.sudo.ws/security.html

Details

Source: MITRE

Published: 2020-01-29

Updated: 2020-02-07

Type: CWE-787

Risk Information

CVSS v2

Base Score: 4.6

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Tenable Plugins

View all (43 total)

IDNameProductFamilySeverity
147665EulerOS Virtualization 2.9.0 : sudo (EulerOS-SA-2021-1657)NessusHuawei Local Security Checks
high
147565EulerOS Virtualization 2.9.1 : sudo (EulerOS-SA-2021-1627)NessusHuawei Local Security Checks
high
147406NewStart CGSL MAIN 4.06 : sudo Multiple Vulnerabilities (NS-SA-2021-0001)NessusNewStart CGSL Local Security Checks
high
145976CentOS 8 : sudo (CESA-2020:0487)NessusCentOS Local Security Checks
high
143914NewStart CGSL CORE 5.05 / MAIN 5.05 : sudo Vulnerability (NS-SA-2020-0096)NessusNewStart CGSL Local Security Checks
high
141878EulerOS 2.0 SP9 : sudo (EulerOS-SA-2020-2238)NessusHuawei Local Security Checks
high
141764EulerOS 2.0 SP9 : sudo (EulerOS-SA-2020-2237)NessusHuawei Local Security Checks
high
141722EulerOS Virtualization 3.0.2.2 : sudo (EulerOS-SA-2020-2196)NessusHuawei Local Security Checks
high
140284NewStart CGSL MAIN 4.05 : sudo Vulnerability (NS-SA-2020-0047)NessusNewStart CGSL Local Security Checks
high
138004EulerOS Virtualization 3.0.6.0 : sudo (EulerOS-SA-2020-1785)NessusHuawei Local Security Checks
high
137504EulerOS 2.0 SP2 : sudo (EulerOS-SA-2020-1662)NessusHuawei Local Security Checks
high
136908NewStart CGSL CORE 5.04 / MAIN 5.04 : sudo Vulnerability (NS-SA-2020-0025)NessusNewStart CGSL Local Security Checks
high
136267EulerOS Virtualization for ARM 64 3.0.2.0 : sudo (EulerOS-SA-2020-1564)NessusHuawei Local Security Checks
high
135564EulerOS 2.0 SP3 : sudo (EulerOS-SA-2020-1435)NessusHuawei Local Security Checks
high
135136EulerOS Virtualization for ARM 64 3.0.6.0 : sudo (EulerOS-SA-2020-1349)NessusHuawei Local Security Checks
high
134682Amazon Linux AMI : sudo (ALAS-2020-1356)NessusAmazon Linux Local Security Checks
high
134679Amazon Linux 2 : sudo (ALAS-2020-1404)NessusAmazon Linux Local Security Checks
high
134589GLSA-202003-12 : sudo: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
134385CentOS 6 : sudo (CESA-2020:0726)NessusCentOS Local Security Checks
high
134346Scientific Linux Security Update : sudo on SL6.x i386/x86_64 (20200305)NessusScientific Linux Local Security Checks
high
134341Oracle Linux 6 : sudo (ELSA-2020-0726)NessusOracle Linux Local Security Checks
high
134271RHEL 6 : sudo (RHSA-2020:0726)NessusRed Hat Local Security Checks
high
134253Fedora 31 : sudo (2020-8b563bc5f4)NessusFedora Local Security Checks
high
134073openSUSE Security Update : sudo (openSUSE-2020-244)NessusSuSE Local Security Checks
high
134015EulerOS 2.0 SP8 : sudo (EulerOS-SA-2020-1181)NessusHuawei Local Security Checks
high
133936EulerOS 2.0 SP5 : sudo (EulerOS-SA-2020-1135)NessusHuawei Local Security Checks
high
133833SUSE SLES12 Security Update : sudo (SUSE-SU-2020:0409-1)NessusSuSE Local Security Checks
high
133832SUSE SLED15 / SLES15 Security Update : sudo (SUSE-SU-2020:0408-1)NessusSuSE Local Security Checks
high
133831SUSE SLES12 Security Update : sudo (SUSE-SU-2020:0407-1)NessusSuSE Local Security Checks
high
133830SUSE SLED12 / SLES12 Security Update : sudo (SUSE-SU-2020:0406-1)NessusSuSE Local Security Checks
high
133790SUSE SLES12 Security Update : sudo (SUSE-SU-2020:0390-1)NessusSuSE Local Security Checks
high
133789Scientific Linux Security Update : sudo on SL7.x x86_64 (20200218)NessusScientific Linux Local Security Checks
high
133783RHEL 7 : sudo (RHSA-2020:0540)NessusRed Hat Local Security Checks
high
133781Oracle Linux 7 : sudo (ELSA-2020-0540)NessusOracle Linux Local Security Checks
high
133770CentOS 7 : sudo (CESA-2020:0540)NessusCentOS Local Security Checks
high
133713RHEL 8 : sudo (RHSA-2020:0509)NessusRed Hat Local Security Checks
high
133712RHEL 8 : sudo (RHSA-2020:0487)NessusRed Hat Local Security Checks
high
133531macOS 10.15.x < 10.15.3 / 10.14.x < 10.14.6 / 10.13.x < 10.13.6NessusMacOS X Local Security Checks
critical
133449Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : sudo vulnerability (USN-4263-1)NessusUbuntu Local Security Checks
high
133437Slackware 14.0 / 14.1 / 14.2 / current : sudo (SSA:2020-031-01)NessusSlackware Local Security Checks
high
133433FreeBSD : sudo -- Potential bypass of Runas user restrictions (b4e5f782-442d-11ea-9ba9-206a8a720317)NessusFreeBSD Local Security Checks
high
133417Debian DSA-4614-1 : sudo - security updateNessusDebian Local Security Checks
high
133414Debian DLA-2094-1 : sudo security updateNessusDebian Local Security Checks
high