A notable vulnerability has been identified in the widely used sudo utility by Joe Vennix of Apple Security. Under certain configurations, this flaw could permit low-privileged users or malicious applications to execute commands with elevated administrative privileges on Linux and macOS operating systems. Sudo, a critical command-line utility, allows users to run commands or applications with the privileges of another user without switching sessions.

This vulnerability, designated as CVE-2019-18634, is a privilege escalation issue arising from a stack-based buffer overflow in versions of Sudo prior to 1.8.26. According to Vennix, exploitation of this vulnerability is contingent upon the “pwfeedback” option being enabled within the sudoers configuration. This feature provides users with a visual cue, specifically an asterisk (*), as they input their passwords.

While pwfeedback is not enabled by default in the core version of sudo or many distributions, certain Linux variants such as Linux Mint and Elementary OS do include it in their default configurations. The presence of this feature can increase the risk, as any user can exploit the vulnerability without needing sudo permissions when pwfeedback is active.

Sudo developer Todd C. Miller has indicated that an attacker could trigger the bug by providing excessive input to sudo when prompted for a password. Since attackers can manipulate the data responsible for the buffer overflow, the likelihood of successful exploitation is significantly heightened.

To determine exposure to this risk, users can execute the “sudo -l” command in their terminal, checking for the “pwfeedback” option within the “Matching Defaults entries.” If this feature is enabled, it is advisable to modify the sudoers configuration file, changing “Defaults pwfeedback” to “Defaults !pwfeedback” to mitigate the risk of exploitation.

Vennix reported the vulnerability to the Sudo maintainers, who subsequently released version 1.8.31 with a patch addressing it. It is important to note that while versions 1.8.26 through 1.8.30 contain the same logical flaw, changes in EOF handling introduced in version 1.8.26 prevent exploitability. Additionally, Apple has provided updates for macOS High Sierra 10.13.6, Mojave 10.14.6, and Catalina 10.15.2 to address this issue.
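One way to carry out the checks described above (looking for pwfeedback in the "Matching Defaults entries" section of sudo -l output, classifying the installed sudo version against the ranges the article gives, and turning "Defaults pwfeedback" into "Defaults !pwfeedback") as a POSIX shell script. This is an added example, not code from the article or from the sudo project; the function names and the sample sudo -l and sudo -V outputs are this example's own constructions.

```shell
#!/bin/sh
# Added example, not code from the original article or from the sudo project.
# It shows the defender-side checks the article describes for CVE-2019-18634:
#   1. is the "pwfeedback" default active (the precondition for exploitation)?
#   2. is the installed sudo older than 1.8.26 (exploitable), 1.8.26-1.8.30
#      (flaw present but not exploitable per the article), or 1.8.31+ (patched)?
# and the mitigation of rewriting "Defaults pwfeedback" as "Defaults !pwfeedback".
# All sample inputs below are constructed; function names are this example's own.

# pwfeedback_enabled: read `sudo -l` output on stdin. Exit 0 if the
# "Matching Defaults entries" section lists pwfeedback (a later "!pwfeedback"
# in the same section overrides it), exit 1 otherwise.
pwfeedback_enabled() {
    awk '
        /^Matching Defaults entries/ { in_defaults = 1; next }
        /^[A-Za-z]/                  { in_defaults = 0 }   # next unindented section
        in_defaults {
            n = split($0, opts, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", opts[i])
                if (opts[i] == "pwfeedback")  found = 1
                if (opts[i] == "!pwfeedback") found = 0
            }
        }
        END { exit (found ? 0 : 1) }
    '
}

# disable_pwfeedback: rewrite sudoers text on stdin so that a bare "pwfeedback"
# option on a Defaults line becomes "!pwfeedback"; options that are already
# negated, comments and unrelated lines are left untouched.
disable_pwfeedback() {
    sed -E 's/^([[:space:]]*Defaults[^#]*[[:space:],])pwfeedback(([[:space:],].*)?)$/\1!pwfeedback\2/'
}

# version_key: turn "1.8.31" or "1.8.21p2" into an integer for comparison
# (the "pN" patch-level suffix is dropped; missing components count as 0).
version_key() {
    printf '%s\n' "$1" | sed -E 's/p[0-9]+$//' |
        awk -F. '{ printf "%d\n", $1 * 1000000 + $2 * 1000 + $3 }'
}

# sudo_version_status: classify a sudo version string using the ranges the
# article gives (before 1.8.26 exploitable, 1.8.26-1.8.30 flaw present but
# not exploitable, 1.8.31 and later patched).
sudo_version_status() {
    k=$(version_key "$1")
    if   [ "$k" -lt "$(version_key 1.8.26)" ]; then echo vulnerable
    elif [ "$k" -lt "$(version_key 1.8.31)" ]; then echo flawed-not-exploitable
    else echo patched
    fi
}

# sudo_version_from_V: extract the version number from `sudo -V` output on stdin.
sudo_version_from_V() {
    sed -n 's/^Sudo version //p' | head -n 1
}

# Constructed `sudo -l` output resembling a host with pwfeedback enabled.
SAMPLE_SUDO_L_ENABLED='Matching Defaults entries for alice on host:
    env_reset, pwfeedback, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin

User alice may run the following commands on host:
    (ALL : ALL) ALL'

# Constructed `sudo -l` output after the mitigation has been applied.
SAMPLE_SUDO_L_DISABLED='Matching Defaults entries for alice on host:
    env_reset, !pwfeedback, mail_badpass

User alice may run the following commands on host:
    (ALL : ALL) ALL'

# Constructed `sudo -V` output for the same sample host.
SAMPLE_SUDO_V='Sudo version 1.8.21p2
Sudoers policy plugin version 1.8.21p2'

# Demo run against the constructed samples (nothing here touches the live system).
if printf '%s\n' "$SAMPLE_SUDO_L_ENABLED" | pwfeedback_enabled; then
    ver=$(printf '%s\n' "$SAMPLE_SUDO_V" | sudo_version_from_V)
    echo "sample host: pwfeedback enabled, sudo $ver is $(sudo_version_status "$ver")"
    echo "mitigated sudoers line:"
    printf 'Defaults env_reset, pwfeedback, mail_badpass\n' | disable_pwfeedback
fi
```

On a real host the same functions are fed live output: `sudo -l | pwfeedback_enabled` and `sudo -V | sudo_version_from_V`. Apply the sudoers change with visudo rather than by writing to /etc/sudoers directly, so that a syntax error cannot leave sudo unusable.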

This incident underscores the critical importance of ongoing security vigilance, particularly regarding command-line utilities that operate with elevated privileges. In light of the potential for privilege escalation, organizations should remain proactive in assessing their configurations and promptly applying patches released by software maintainers.

For business owners and tech professionals, the implications of such vulnerabilities are significant. Mapped to the MITRE ATT&CK framework, this issue falls under the Privilege Escalation and Execution tactics, which highlights the need for a comprehensive security strategy that includes regular configuration checks and system updates.

In summary, as vulnerabilities like CVE-2019-18634 come to light, staying informed and integrating preventive measures should be a top priority for any organization reliant on Linux or macOS systems.
