A ten-year-old sudo vulnerability that uncovered Linux and macOS allowed any consumer to acquire root privileges has lastly been patched with the discharge of model 1.8.31.
The safety flaw resides within the pwfeedback possibility, which is enabled by default on distros like Linux Mint and elementary OS. Because of the bug, any consumer can set off a stack-based buffer overflow even when they aren’t listed within the sudoers file.
The vulnerability exists in variations 1.7.1 to 1.8.25p1, however variations 1.8.26 by way of 1.8.30 will be abused as a result of they embody modifications in EOF dealing with that block such an exploit. Sudo 1.7.1 was launched on April 19, 2009, whereas the primary patch model (1.8.26) landed on September 17, 2019, so the bug is about 10 years previous.
Patch already out there
Version 1.8.31 features a patch to dam the exploit, but when putting in this newest launch isn’t attainable, disabling pwfeedback is the best approach to keep safe. Only units the place pwfeedback is enabled are uncovered to assaults.
“Exploiting the bug doesn’t require sudo permissions, merely that pwfeedback be enabled. The bug will be reproduced by passing a big enter to sudo by way of a pipe when it prompts for a password,” an advisory launched a number of days in the past explains.
“If pwfeedback is enabled in sudoers, the stack overflow might permit unprivileged customers to escalate to the foundation account. Because the attacker has full management of the information used to overflow the buffer, there’s a excessive probability of exploitability.”
If you wish to test if pwfeedback is enabled on a selected machine, you need to use the next command:
pwfeedback is a function that was added particularly to offer customers with visible suggestions within the type of an asterisk each time they enter the password in a selected window. While some Linux distros ship with this feature disabled, others allow it by default, and updating units working these needs to be a precedence to forestall any attainable exploits.