关联漏洞
标题:Sudo 缓冲区错误漏洞 (CVE-2019-18634)描述:Sudo是一款使用于类Unix系统的,允许用户通过安全的方式使用特殊的权限执行命令的程序。 Sudo 1.8.26之前版本中存在缓冲区错误漏洞,该漏洞源于程序没有正确检查边界。本地攻击者可借助特制字符串利用该漏洞在系统上执行任意代码。
描述
A reproduction of CVE-2019-18634, sudo privilege escalation with buffer overflow.
介绍
# CVE-2019-18634
This is a basic reproduction of CVE-2019-18634, a privilege escalation exploit
in sudo with pwfeedback enabled. This was created as part of a project for
NTU SC3010 to demonstrate a security vulnerability.
To reproduce the exploit, a Docker image of Ubuntu 20.04 was used. A vulnerable
sudo version is then installed and configured to enable the vulnerable exploit.
At that time, Ubuntu did not have this option enabled by default which helped
minimize the impact but the severity of the exploit still gave it a [severity
score of 7.8][nvd-link].
`pwfeedback` is an option which prints out asterisks when the user types their
password for visual feedback.
## Run
1. Build the image using develop.sh.
2. Run the image with `$DOCKER run -i --tty ubuntu:vulnerable-sudo`
Note that a tty is required to interact with sudo in a reasonable manner.
3. Observe that you do not have privileges to run sudo in the image
4. Run `./sudo_sudo <command>` to execute the exploit script.
## Useful Resources
- Write-up by sudo authors: https://www.sudo.ws/security/advisories/pwfeedback/
[nvd-link]: https://nvd.nist.gov/vuln/detail/CVE-2019-18634
文件快照
[4.0K] /data/pocs/9bd464878158e7f7476d38d1ab28313dae6e56cf
├── [1.2K] develop.sh
├── [ 497] Dockerfile
├── [3.5K] exploit.py
├── [ 739] LICENSE
├── [1.1K] README.md
└── [ 218] sudoers
0 directories, 6 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。