A reproduction of CVE-2019-18634, sudo privilege escalation with buffer overflow.

# CVE-2019-18634

This is a basic reproduction of CVE-2019-18634, a privilege escalation exploit
in sudo with pwfeedback enabled. This was created as part of a project for
NTU SC3010 to demonstrate a security vulnerability.

To reproduce the exploit, a Docker image of Ubuntu 20.04 was used. A vulnerable
sudo version is then installed and configured to enable the vulnerable option.
At that time, Ubuntu did not have this option enabled by default, which helped
minimize the impact, but the severity of the vulnerability still gave it a
[severity score of 7.8][nvd-link].

`pwfeedback` is an option which prints out asterisks when the user types their
password for visual feedback.
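
A defensive check for the condition described above, as an added example that is not part of the original repository: it reports whether a sudoers file leaves `pwfeedback` enabled and whether a sudo version falls in the range the sudo advisory lists as containing the bug (1.7.1 up to, but not including, 1.8.31). The function names and the sample sudoers text are constructed for illustration.

```python
import re

# Range containing the bug per the sudo advisory: introduced 1.7.1, fixed 1.8.31.
FIRST_AFFECTED = (1, 7, 1, 0)
FIRST_FIXED = (1, 8, 31, 0)


def parse_sudo_version(text):
    """Turn '1.8.21p2' into (1, 8, 21, 2); a missing patch level is 0."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised sudo version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def pwfeedback_scopes(sudoers_text):
    """Return the Defaults scopes whose final setting leaves pwfeedback on."""
    state = {}
    for raw in sudoers_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"Defaults(\S*)\s+(.*)", line)
        if not m:
            continue
        scope, settings = m.group(1) or "(global)", m.group(2)
        for item in settings.split(","):
            item = item.strip()
            if item.lstrip("!").strip() == "pwfeedback":
                state[scope] = not item.startswith("!")  # later entries win
    return sorted(s for s, on in state.items() if on)


def audit(version_text, sudoers_text):
    version = parse_sudo_version(version_text)
    scopes = pwfeedback_scopes(sudoers_text)
    has_bug = FIRST_AFFECTED <= version < FIRST_FIXED
    return {"has_bug": has_bug, "pwfeedback_scopes": scopes,
            "exposed": has_bug and bool(scopes)}


# Constructed sample input, not the repository's sudoers file.
SAMPLE_SUDOERS = """\
Defaults env_reset, !pwfeedback   # hardened baseline
Defaults mail_badpass
Defaults pwfeedback               # re-enabled later in the file
Defaults:alice !pwfeedback
"""

if __name__ == "__main__":
    print(audit("1.8.21p2", SAMPLE_SUDOERS))
```

Distribution packages can carry a backported fix without changing the upstream version string, so treat `has_bug` as a prompt to check the vendor advisory. Setting `Defaults !pwfeedback` in sudoers disables the option.
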
## Run

1. Build the image using `develop.sh`.
2. Run the image with `$DOCKER run -i --tty ubuntu:vulnerable-sudo`.
   Note that a tty is required to interact with sudo in a reasonable manner.
3. Observe that you do not have privileges to run sudo in the image.
4. Run `./sudo_sudo <command>` to execute the exploit script.

## Useful Resources

- Write-up by sudo authors: https://www.sudo.ws/security/advisories/pwfeedback/

[nvd-link]: https://nvd.nist.gov/vuln/detail/CVE-2019-18634

```
[4.0K] /data/pocs/9bd464878158e7f7476d38d1ab28313dae6e56cf
├── [1.2K] develop.sh
├── [ 497] Dockerfile
├── [3.5K] exploit.py
├── [ 739] LICENSE
├── [1.1K] README.md
└── [ 218] sudoers

0 directories, 6 files
```