Fixed
Created: Feb 1, 2020
Updated: Apr 22, 2022
Resolved Date: Mar 15, 2020
Found In Version: 9.0.0.1
Fix Version: 9.0.0.25
Severity: Standard
Applicable for: Wind River Linux 9
Component/s: Userspace
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.
CREATE(Triage):(User=admin) CVE-2019-18634 (https://nvd.nist.gov/vuln/detail/CVE-2019-18634)