Fixed
Created: Feb 1, 2020
Updated: Apr 22, 2022
Resolved Date: Feb 8, 2020
Found In Version: 10.20.6.0
Severity: Standard
Applicable for: Wind River Linux CD
Component/s: Userspace
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.
CREATE(Triage):(User=admin) CVE-2019-18634 (https://nvd.nist.gov/vuln/detail/CVE-2019-18634)
