<!--X-Body-Begin-->
<!--X-User-Header-->
oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->
By Date
By Thread
</form>
<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->
From: "Todd C. Miller" <Todd.Miller () sudo ws>
Date: Wed, 05 Feb 2020 11:22:45 -0700
<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
On Wed, 05 Feb 2020 22:34:53 +1100, William Bowling wrote:
When using a pty, sudo_term_eof and sudo_term_kill are initialized to 0x4
and 0x15 allowing the overflow to be reached, making 1.8.26-1.8.30 also
vulnerable:
Thanks for sharing the pty exploitation method. I've updated the
details in https://www.sudo.ws/alerts/pwfeedback.html to make it
clear that the bug is not specific to piped input.
- todd
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
By Date
By Thread
Current thread:
CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled Todd C. Miller (Jan 30)
<Possible follow-ups>
Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled Todd C. Miller (Jan 31)
Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled William Bowling (Feb 05)
Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled Todd C. Miller (Feb 05)
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->