Main Vulnerability Database Exploits ID:4937 - Exploit for Stack-based buffer overflow in Sudo - CVE-2019-18634

ID:4937 - Exploit for Stack-based buffer overflow in Sudo - CVE-2019-18634

Published: December 16, 2020

Vulnerability identifier: #VU24810

Vulnerability risk: Low

CVE-ID: CVE-2019-18634

CWE-ID: CWE-121

Exploitation vector: Local access

Vulnerable software:
Sudo

Link to public exploit:

https://github.com/lockedbyte/CVE-Exploits

Vulnerability description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the getln() function in tgetpass.c, if pwfeedback is enabled in /etc/sudoers. A local user can trigger stack-based buffer overflow and execute arbitrary code on the target system with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install updates from vendor's website.

ID:4937 - Exploit for Stack-based buffer overflow in Sudo - CVE-2019-18634

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human