Vulnerability CVE-2019-18634: Information

Description

In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2019-18634

Published: Jan. 29, 2020

Modified: Nov. 7, 2023

Error type identifier: CWE-787

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
sudo	sisyphus	1.8.26-alt1	1.9.15p5-alt1	ALT-PU-2018-2804-1	217471	Fixed
sudo	p10	1.8.26-alt1	1.9.15p1-alt1	ALT-PU-2018-2804-1	217471	Fixed
sudo	p9	1.8.31p2-alt1	1.9.13p2-alt1	ALT-PU-2020-2731-1	257035	Fixed
sudo	p8	1.8.28-alt1	1.9.5p2-alt0.M80P.1	ALT-PU-2019-3064-1	240030	Fixed
sudo	c10f1	1.8.26-alt1	1.9.15p1-alt1	ALT-PU-2018-2804-1	217471	Fixed
sudo	c9f2	1.8.31p2-alt1	1.9.15p5-alt0.c9f2.1	ALT-PU-2020-2731-1	257035	Fixed
sudo	p11	1.8.26-alt1	1.9.15p5-alt1	ALT-PU-2018-2804-1	217471	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://support.apple.com/kb/HT210919	Third Party Advisory
https://www.sudo.ws/security.html	Vendor Advisory
20200129 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra	Mailing List Third Party Advisory
https://www.sudo.ws/alerts/pwfeedback.html	Exploit Vendor Advisory
[oss-security] 20200130 CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled	Mailing List Third Party Advisory
[oss-security] 20200131 Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled	Mailing List Third Party Advisory
20200131 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra	Mailing List Third Party Advisory
DSA-4614	Third Party Advisory
[debian-lts-announce] 20200201 [SECURITY] [DLA 2094-1] sudo security update	Mailing List Third Party Advisory
20200203 [slackware-security] sudo (SSA:2020-031-01)	Mailing List Third Party Advisory
20200203 [SECURITY] [DSA 4614-1] sudo security update	Mailing List Third Party Advisory
http://packetstormsecurity.com/files/156174/Slackware-Security-Advisory-sudo-Updates.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/156189/Sudo-1.8.25p-Buffer-Overflow.html	Third Party Advisory VDB Entry
[oss-security] 20200205 Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled	Third Party Advisory
[oss-security] 20200205 Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled	Exploit Third Party Advisory
USN-4263-1
https://security.netapp.com/advisory/ntap-20200210-0001/
USN-4263-2
RHSA-2020:0487
RHSA-2020:0509
RHSA-2020:0540
openSUSE-SU-2020:0244
RHSA-2020:0726
GLSA-202003-12
FEDORA-2020-8b563bc5f4
FEDORA-2020-7c1b270959

Affected configurations:
1. Configuration 1
  cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*
  Start including
  1.7.1
  End excliding
  1.8.26
  
  Configuration 2
  cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Version: v24.5.3

Vulnerability CVE-2019-18634: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2