14 DAY TRIAL // A ten-year-old sudo vulnerability that exposed Linux and macOS allowed any user to obtain root privileges has finally been patched with the release of version 1.8.31.
The security flaw resides in the pwfeedback option, which is enabled by default on distros like Linux Mint and elementary OS. Because of the bug, any user can trigger a stack-based buffer overflow even if they aren’t listed in the sudoers file.
The vulnerability exists in versions 1.7.1 to 1.8.25p1, but versions 1.8.26 through 1.8.30 can be abused because they include changes in EOF handling that block such an exploit. Sudo 1.7.1 was released on April 19, 2009, while the first patch version (1.8.26) landed on September 17, 2019, so the bug is about 10 years old.
Patch already available
Version 1.8.31 includes a patch to block the exploit, but if installing this latest release isn’t possible, disabling pwfeedback is the easiest way to stay secure. Only devices where pwfeedback is enabled are exposed to attacks.
“Exploiting the bug does not require sudo permissions, merely that pwfeedback be enabled. The bug can be reproduced by passing a large input to sudo via a pipe when it prompts for a password,” an advisory released a few days ago explains.
“If pwfeedback is enabled in sudoers, the stack overflow may allow unprivileged users to escalate to the root account. Because the attacker has complete control of the data used to overflow the buffer, there is a high likelihood of exploitability.”
If you want to check if pwfeedback is enabled on a specific device, you can use the following command:
sudo -l