一、 漏洞 CVE-2019-18634 基础信息

                                        # N/A

## 概述
在 Sudo 1.8.26 之前的版本中，如果 `/etc/sudoers` 文件中启用了 `pwfeedback`，用户可以触发特权 `sudo` 进程中的堆栈溢出。

## 影响版本
Sudo 1.8.26 之前的版本

## 细节
- 当 `/etc/sudoers` 文件中启用了 `pwfeedback` 选项时，攻击者可以通过向 `tgetpass.c` 文件中的 `getln()` 函数传递一个很长的字符串来触发堆栈溢出。
- `pwfeedback` 是 Linux Mint 和 elementary OS 的默认设置，但在上游和其他许多软件包中默认未启用，只有经过管理员设置后才会启用。

## 影响
攻击者可以利用此漏洞触发堆栈溢出，可能导致特权提升或其他安全问题。
                                        

二、漏洞 CVE-2019-18634 的公开POC

三、漏洞 CVE-2019-18634 的情报信息

• http://packetstormsecurity.com/files/156189/Sudo-1.8.25p-Buffer-Overflow.htmlx_refsource_MISC
• http://packetstormsecurity.com/files/156174/Slackware-Security-Advisory-sudo-Updates.htmlx_refsource_MISC
• https://www.sudo.ws/security.htmlx_refsource_MISC
• https://security.netapp.com/advisory/ntap-20200210-0001/x_refsource_CONFIRM
• https://support.apple.com/kb/HT210919x_refsource_CONFIRM
• https://www.sudo.ws/alerts/pwfeedback.htmlx_refsource_CONFIRM
• https://www.debian.org/security/2020/dsa-4614vendor-advisoryx_refsource_DEBIAN

• 标题： USN-4263-1: Sudo vulnerability | Ubuntu security notices | Ubuntu -- 🔗来源链接

  标签：vendor-advisoryx_refsource_UBUNTU

  神龙速读：

                                          - **Security Notice Number**:
      - USN-4263-1
  - **Vulnerability**:
      - Sudo (CVE-2019-18634)
  - **Release date**:
      - February 3, 2020
  - **Description of the problem**:
      - Joe Vennix discovered that Sudo incorrectly handled memory operations when the pwfeedback option is enabled. A local attacker could possibly use this flaw to obtain unintended access to the administrator account.
  - **Software updates**
      - To solve the problem, it is recommended to update the following versions of the Sudo software package:
          - Ubuntu 19.10 (eoan)
              - sudo - 1.8.27-1ubuntu4.1
              - sudo-ldap - 1.8.27-1ubuntu4.3
          - Ubuntu 18.04 LTS (bionic)
              - sudo - 1.8.21p2-3ubuntu1.2
              - sudo-ldap - 1.8.21p2-3ubuntu1.2
          - Ubuntu 16.04 LTS (xenial)
              - sudo - 1.8.16-0ubuntu1.9
              - sudo-ldap - 1.8.16-0ubuntu1.9
  
                                          

  
• https://usn.ubuntu.com/4263-2/vendor-advisoryx_refsource_UBUNTU
• https://access.redhat.com/errata/RHSA-2020:0487vendor-advisoryx_refsource_REDHAT
• https://access.redhat.com/errata/RHSA-2020:0540vendor-advisoryx_refsource_REDHAT
• https://access.redhat.com/errata/RHSA-2020:0509vendor-advisoryx_refsource_REDHAT
• https://security.gentoo.org/glsa/202003-12vendor-advisoryx_refsource_GENTOO
• https://access.redhat.com/errata/RHSA-2020:0726vendor-advisoryx_refsource_REDHAT
• http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00029.htmlvendor-advisoryx_refsource_SUSE
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6TKF36KOQUVJNBHSVJFA7BU3CCEYD2F/vendor-advisoryx_refsource_FEDORA
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY6DZ7WMDKU4ZDML6MJLDAPG42B5WVUC/vendor-advisoryx_refsource_FEDORA
• https://seclists.org/bugtraq/2020/Feb/3mailing-listx_refsource_BUGTRAQ
• https://seclists.org/bugtraq/2020/Feb/2mailing-listx_refsource_BUGTRAQ
• https://lists.debian.org/debian-lts-announce/2020/02/msg00002.htmlmailing-listx_refsource_MLIST
• http://www.openwall.com/lists/oss-security/2020/01/30/6mailing-listx_refsource_MLIST
• http://www.openwall.com/lists/oss-security/2020/02/05/5mailing-listx_refsource_MLIST
• http://www.openwall.com/lists/oss-security/2020/02/05/2mailing-listx_refsource_MLIST
• http://www.openwall.com/lists/oss-security/2020/01/31/1mailing-listx_refsource_MLIST
• https://seclists.org/bugtraq/2020/Jan/44mailing-listx_refsource_BUGTRAQ
• http://seclists.org/fulldisclosure/2020/Jan/40mailing-listx_refsource_FULLDISC
• https://nvd.nist.gov/vuln/detail/CVE-2019-18634

四、漏洞 CVE-2019-18634 的评论