CVE-2019-18634 PoC — Sudo 缓冲区错误漏洞

Source

https://github.com/aesophor/CVE-2019-18634

Associated Vulnerability

Title:Sudo 缓冲区错误漏洞 (CVE-2019-18634)
Description:Sudo是一款使用于类Unix系统的，允许用户通过安全的方式使用特殊的权限执行命令的程序。 Sudo 1.8.26之前版本中存在缓冲区错误漏洞，该漏洞源于程序没有正确检查边界。本地攻击者可借助特制字符串利用该漏洞在系统上执行任意代码。

Description

My n-day exploit for CVE-2019-18634 (local privilege escalation)

Readme

## CVE-2019-18634 N-Day Exploit

<img src="/.meta/cover.png">

## Slides

https://docs.google.com/presentation/d/11DpUy9Ll_HeuPRSgzaTARHPwlq01v_yyqbnJURlG9Ss/edit?usp=sharing

## Requirements

* Ubuntu 20.04
* sudo 1.8.25 (see below for how to build it manually)
* Python3
* [pwntools](https://github.com/Gallopsled/pwntools#installation)

## Enable pwfeedback

```
sudo visudo
```

Change this line

```
Defaults env_reset
```

To this

```
Defaults env_reset,pwfeedback
```

## Checkout sudo 1.8.25

```
git clone https://github.com/sudo-project/sudo
cd sudo
git fetch --all --tags
git checkout SUDO_1_8_25
```
## Install Pwntools

```
sudo apt-get update
sudo apt-get install python3 python3-pip python3-dev git libssl-dev libffi-dev build-essential
sudo python3 -m pip install --upgrade pip
sudo python3 -m pip install --upgrade pwntools
```

## Configure and Build

```
./configure --prefix=/usr/local
make
sudo make install
```

## Clone this repo and Run

```
git clone https://github.com/aesophor/CVE-2019-18634
cd CVE-2019-18634
./exploit.py
```

File Snapshot


 [4.0K]  /data/pocs/d6d3e934f5a82c333668b3c1b5fb5c78a425254d
├── [1.5K]  exploit.py
└── [1.0K]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!