Results 1 to 5 of 5

Thread: PWFeedback Buffer Overflow Vulnerability in Sudo - is Ubuntu affected by this?

  1. #1
    Join Date
    Aug 2015
    Beans
    453

    PWFeedback Buffer Overflow Vulnerability in Sudo - is Ubuntu affected by this?


  2. #2
    Join Date
    Nov 2019
    Beans
    Hidden!

    Cool Sudo Vulneraility

    Sudo utility that under a specific configuration could allow low privileged users or malicious programs to execute arbitrary commands with administrative ('root') privileges on Linux. The flaw can only be exploited when the "pwfeedback" option is enabled in the sudoers configuration file, a feature that provides visual feedback, an asterisk (*), when a user inputs password in the terminal. When pwfeedback is enabled, the vulnerability can be exploited by any user, even without sudo permissions. To determine if your sudoers configuration is affected, you can run "sudo -l" command on your Linux terminal to find whether the "pwfeedback" option is enabled and listed in the "Matching Defaults entries" output.
    If enabled, you can disable the vulnerable component by changing "Defaults pwfeedback" to "Defaults !pwfeedback" in the sudoers configuration file to prevent the exploitation of the privilege escalation vulnerability.
    Sudo, stands for "superuser do," is a system command that allows a user to run applications or commands with the privileges of a different user without switching environments—most often, for running commands as the root user. I intend to be more cautious with sudo, firewall configuration, etc.

  3. #3
    Join Date
    Jul 2010
    Location
    ozarks, Arkansas, USA
    Beans
    13,509
    Distro
    Xubuntu 18.04 Bionic Beaver

    Re: PWFeedback Buffer Overflow Vulnerability in Sudo - is Ubuntu affected by this?

    ardouronerous; Hello -

    No, ubuntu is not affected by default:
    Code:
    sudo -l
    sysop@x1804mini:~$ sudo -l
    [sudo] password for sysop:
    Matching Defaults entries for sysop on x1804mini:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin,
    insults

    User sysop may run the following commands on x1804mini:
    (ALL : ALL) ALL
    sysop@x1804mini:~$
    "pwfeedback," is not in the list

    See: https://arstechnica.com/information-...-gets-a-patch/

    -my bit to help-
    THE current(cy) in Documentation:
    https://help.ubuntu.com/community/PopularPages

    Happy ubuntu'n !

  4. #4
    Join Date
    Aug 2015
    Beans
    453

    Re: PWFeedback Buffer Overflow Vulnerability in Sudo - is Ubuntu affected by this?

    Thanks for the clarification.

  5. #5
    Join Date
    Feb 2008
    Location
    Texas
    Beans
    27,973
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: PWFeedback Buffer Overflow Vulnerability in Sudo - is Ubuntu affected by this?

    Thread moved to Security a more appropriate sub-forum.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •