exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Debian Security Advisory 4614-1

Debian Security Advisory 4614-1
Posted Feb 3, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4614-1 - Joe Vennix discovered a stack-based buffer overflow vulnerability in sudo, a program designed to provide limited super user privileges to specific users, triggerable when configured with the "pwfeedback" option enabled. An unprivileged user can take advantage of this flaw to obtain full root privileges.

tags | advisory, overflow, root
systems | linux, debian
advisories | CVE-2019-18634
SHA-256 | 2957f727438c3e2bd92e2e038adc6d4f2ddfaacd4b035ca5555aec139dae983f

Debian Security Advisory 4614-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4614-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
February 01, 2020 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : sudo
CVE ID : CVE-2019-18634
Debian Bug : 950371

Joe Vennix discovered a stack-based buffer overflow vulnerability in
sudo, a program designed to provide limited super user privileges to
specific users, triggerable when configured with the "pwfeedback" option
enabled. An unprivileged user can take advantage of this flaw to obtain
full root privileges.

Details can be found in the upstream advisory at
https://www.sudo.ws/alerts/pwfeedback.html .

For the oldstable distribution (stretch), this problem has been fixed
in version 1.8.19p1-2.1+deb9u2.

For the stable distribution (buster), exploitation of the bug is
prevented due to a change in EOF handling introduced in 1.8.26.

We recommend that you upgrade your sudo packages.

For the detailed security status of sudo please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/sudo

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl41cVhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0QaKg//TnJPVomILAWCWCSHNUuzuH9c0tBli4KtTw+5QeFwcAeareJbleatZqJh
CHi9WI8Dl7nnE0V1mKOgE1pXhrV1WJQrMHidocDo7Aejiyn4EU31HxHsAYv+RvqN
E4nNRckP1PEoL9JpGHUMOI3O8mvB+2Nnds0ihy8P+WcZxlxVw+CQuK2omFBhdlwr
pgdfBq3khgz5mBx5pzdxIrs9fgJA5Txr+LaOHm06ZL9cP1FTcBK31t1RllKy4bjK
bg+igCLVTTqU/8Sydc65UM+rHgx4ljG7bCFWJ3GuRJeeXm1vavfjmCXh8x2ezd3K
EsB+FxHDdGpKqwi4bFqWUjijOqaElqAAu/q+xZYzzXZSfIynB5YNfL8tVuq4fsL3
MQdUU/0fZZD5RJW5B2uxppVoHZ15IhG2kRqZK4unCzCcwmXdgKTM+eA6wEp0ib7o
Ol3mAWIdUcYzDuKFZU1Ry+62Przm9NX0XXh86Hrigk1oEWcq0iusgGiPPgp4j0mF
JjTXAU2fdR5abzLCxkMDKiv+2UnU93/V+4JBLrTijWal2zl9DwD0i+OQVK9ZNxW1
mgj+n7D5iyDNF9ptkP3/0hiL1ITHpWhcbEBAYaNFLD1kv3brNGMNsZzpIXVC6NU9
2KK/2DNyetqnZkmNOt0JQ+G0JFyfouauXi1qr0qCc8PK/f5mLBQ=
=d97L
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close