In Sudo prior to 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.
Vulnerable Product |
---|
sudo project sudo |
debian debian linux 8.0 |
debian debian linux 9.0 |
debian debian linux 10.0 |
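The two conditions in the description above (a sudo version before 1.8.26 and pwfeedback enabled in sudoers) can be checked on a host with a short audit script. This is an added example, not code from the sudo project or from this advisory. The function names and sample inputs are constructed for illustration, and it assumes the caller passes the output of `sudo -V` plus the text of /etc/sudoers concatenated with any files it includes.

```python
import re

FIRST_UNAFFECTED = (1, 8, 26)  # version boundary taken from the advisory text above

# Constructed sample inputs (not captured from a real host).
SAMPLE_VERSION = "Sudo version 1.8.21p2\nSudoers policy plugin version 1.8.21p2\n"
SAMPLE_SUDOERS = (
    "# constructed sample\n"
    "Defaults env_reset, \\\n"
    "    pwfeedback\n"
    'Defaults secure_path="/usr/sbin:/usr/bin"\n'
    "root ALL=(ALL:ALL) ALL\n"
)

def parse_sudo_version(sudo_v_output):
    """Extract (major, minor, patch) from `sudo -V` output; a 'p2' suffix is ignored."""
    m = re.search(r"Sudo version (\d+)\.(\d+)\.(\d+)", sudo_v_output)
    if not m:
        raise ValueError("no sudo version string found")
    return tuple(int(part) for part in m.groups())

def pwfeedback_scopes(sudoers_text):
    """Map each Defaults scope ('' = global, ':alice', '@host', ...) to its
    final pwfeedback state. Later lines override earlier ones."""
    state = {}
    joined = re.sub(r"\\\n", "", sudoers_text)  # join backslash continuations
    for line in joined.splitlines():
        m = re.match(r"Defaults(\S*)\s+(.*)$", line.strip())
        if not m:
            continue  # comments, includes and user specifications
        scope, params = m.group(1), m.group(2).split("#", 1)[0]
        for param in params.split(","):
            param = re.sub(r"\s+", "", param)
            if param == "pwfeedback":
                state[scope] = True
            elif param == "!pwfeedback":
                state[scope] = False
    return state

def is_exposed(sudo_v_output, sudoers_text):
    """True when both conditions named in the advisory hold for any scope."""
    old = parse_sudo_version(sudo_v_output) < FIRST_UNAFFECTED
    return old and any(pwfeedback_scopes(sudoers_text).values())

if __name__ == "__main__":
    print("exposed:", is_exposed(SAMPLE_VERSION, SAMPLE_SUDOERS))
```

A scoped entry such as `Defaults:alice pwfeedback` counts as exposure even when the global setting is off, because the option is then active for that user's sudo invocations.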
Including: Why was #RootGoat2020 trending on Twitter? It is as silly as you think
Roundup It's time yet again to recap the latest security happenings. An otherwise slow Friday afternoon has been spiced up by a hacker crew that managed to temporarily take control of Facebook's official Twitter account. OurMine did not say how it got into the Social Network's Twitter account, but it did take the opportunity to blast Zuck and Co.'s security practices: Towards the end of last week, you may have noticed an odd trend amongst infosec people on Twitter, as the hashtag "#RootGoat2020"...