oss-sec mailing list archives
Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled
From: "Todd C. Miller" <Todd.Miller () sudo ws>
Date: Wed, 05 Feb 2020 11:22:45 -0700
On Wed, 05 Feb 2020 22:34:53 +1100, William Bowling wrote:
When using a pty, sudo_term_eof and sudo_term_kill are initialized to 0x4 and 0x15 allowing the overflow to be reached, making 1.8.26-1.8.30 also vulnerable:
Thanks for sharing the pty exploitation method. I've updated the details in https://www.sudo.ws/alerts/pwfeedback.html to make it clear that the bug is not specific to piped input. - todd
Current thread:
- CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled Todd C. Miller (Jan 30)
- <Possible follow-ups>
- Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled Todd C. Miller (Jan 31)
- Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled William Bowling (Feb 05)
- Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled Todd C. Miller (Feb 05)
- Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled William Bowling (Feb 05)