ASA-202002-2: sudo: privilege escalation

Arch Linux 752 Published by

A sudo security update is available for Arch Linux to address a privilege escalation issue.



Arch Linux Security Advisory ASA-202002-2
=========================================

Severity: High
Date : 2020-02-06
CVE-ID : CVE-2019-18634
Package : sudo
Type : privilege escalation
Remote : No
Link :   https://security.archlinux.org/AVG-1093

Summary
=======

The package sudo before version 1.8.31-1 is vulnerable to privilege
escalation.

Resolution
==========

Upgrade to 1.8.31-1.

# pacman -Syu "sudo>=1.8.31-1"

The problem has been fixed upstream in version 1.8.31.

Workaround
==========

Ensure pwfeedback is disabled in /etc/sudoers with:

Defaults !pwfeedback

Description
===========

A flaw was found in the Sudo before version 1.8.31 application when the
’pwfeedback' option is set to true on the sudoers file. An
authenticated user can use this vulnerability to trigger a stack-based
buffer overflow under certain conditions even without Sudo privileges.
The buffer overflow may allow an attacker to expose or corrupt memory
information, crash the Sudo application, or possibly inject code to be
run as a root user.

Impact
======

An authenticated user is capable of escalating to root privileges.

References
==========

  https://www.sudo.ws/alerts/pwfeedback.html
  https://www.sudo.ws/repos/sudo/rev/84640592b0ff
  https://security.archlinux.org/CVE-2019-18634

USN-4273-1: ReportLab vulnerability

openSUSE-SU-2020:0180-1: moderate: Security update for upx

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.org  I ...