Joe Vennix of Apple security has found another significant vulnerability in sudo utility that under a specific configuration could allow low privileged users or malicious programs to execute arbitrary commands with administrative (‘root’) privileges on Linux or macOS systems.
Sudo is one of the most important, powerful, and commonly used utilities that comes as a core command pre-installed on macOS and almost every UNIX or Linux-based operating system.
Sudo has been designed to let users run apps or commands with the privileges of a different user without switching environments.
Sudo Vulnerability (CVE-2019-18634)
The newly discovered privilege escalation vulnerability, tracked as CVE-2019-18634, in question stems from a stack-based buffer overflow issue that resides in Sudo versions before 1.8.26.
According to Vennix, the flaw can only be exploited when the “pwfeedback” option is enabled in the sudoers configuration file, a feature that provides visual feedback, an asterisk (*), when a user inputs password in the terminal.
To be noted, the pwfeedback feature is not enabled by default in the upstream version of sudo or many other packages. However, some Linux distributions, such as Linux Mint and Elementary OS, do enable it in their default sudoers files.
images from Hacker News