cve/2019/CVE-2019-18634.md

### [CVE-2019-18634](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18634)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.

### POC

#### Reference
- http://packetstormsecurity.com/files/156174/Slackware-Security-Advisory-sudo-Updates.html
- http://packetstormsecurity.com/files/156174/Slackware-Security-Advisory-sudo-Updates.html
- http://packetstormsecurity.com/files/156189/Sudo-1.8.25p-Buffer-Overflow.html
- http://packetstormsecurity.com/files/156189/Sudo-1.8.25p-Buffer-Overflow.html
- https://seclists.org/bugtraq/2020/Feb/2
- https://seclists.org/bugtraq/2020/Feb/2

#### Github
- https://github.com/0dayhunter/Linux-Privilege-Escalation-Resources
- https://github.com/0xStrygwyr/OSCP-Guide
- https://github.com/0xT11/CVE-POC
- https://github.com/0xZipp0/OSCP
- https://github.com/0xsyr0/OSCP
- https://github.com/ARPSyndicate/cvemon
- https://github.com/AfvanMoopen/tryhackme-
- https://github.com/CyberSec-Monkey/Zero2H4x0r
- https://github.com/DDayLuong/CVE-2019-18634
- https://github.com/DarkFunct/CVE_Exploits
- https://github.com/Dinesh-999/Hacking_contents
- https://github.com/Drakfunc/CVE_Exploits
- https://github.com/DrewSC13/Linpeas
- https://github.com/InesMartins31/iot-cves
- https://github.com/Ly0nt4r/OSCP
- https://github.com/N1et/CVE-2019-18634
- https://github.com/Plazmaz/CVE-2019-18634
- https://github.com/R0seSecurity/Linux_Priviledge_Escalation
- https://github.com/Retr0-ll/2023-littleTerm
- https://github.com/Retr0-ll/littleterm
- https://github.com/RoqueNight/Linux-Privilege-Escalation-Basics
- https://github.com/SirElmard/ethical_hacking
- https://github.com/Srinunaik000/Srinunaik000
- https://github.com/TCM-Course-Resources/Linux-Privilege-Escalation-Resources
- https://github.com/TH3xACE/SUDO_KILLER
- https://github.com/TheJoyOfHacking/saleemrashid-sudo-cve-2019-18634
- https://github.com/Timirepo/CVE_Exploits
- https://github.com/Y3A/CVE-2019-18634
- https://github.com/ZeusBanda/Linux_Priv-Esc_Cheatsheet
- https://github.com/aesophor/CVE-2019-18634
- https://github.com/brootware/awesome-cyber-security-university
- https://github.com/brootware/cyber-security-university
- https://github.com/catsecorg/CatSec-TryHackMe-WriteUps
- https://github.com/chanbakjsd/CVE-2019-18634
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/e-hakson/OSCP
- https://github.com/edsonjt81/sudo-cve-2019-18634
- https://github.com/eljosep/OSCP-Guide
- https://github.com/geleiaa/ceve-s
- https://github.com/go-bi/go-bi-soft
- https://github.com/gurkylee/Linux-Privilege-Escalation-Basics
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/hktalent/bug-bounty
- https://github.com/kgwanjala/oscp-cheatsheet
- https://github.com/klecko/exploits
- https://github.com/lockedbyte/CVE-Exploits
- https://github.com/lockedbyte/lockedbyte
- https://github.com/migueltc13/KoTH-Tools
- https://github.com/nitishbadole/oscp-note-3
- https://github.com/notnue/Linux-Privilege-Escalation
- https://github.com/oscpname/OSCP_cheat
- https://github.com/pmihsan/Sudo-PwdFeedback-Buffer-Overflow
- https://github.com/ptef/CVE-2019-18634
- https://github.com/retr0-13/Linux-Privilege-Escalation-Basics
- https://github.com/revanmalang/OSCP
- https://github.com/saleemrashid/sudo-cve-2019-18634
- https://github.com/sbonds/custom-inspec
- https://github.com/siddicky/yotjf
- https://github.com/substing/internal_ctf
- https://github.com/testermas/tryhackme
- https://github.com/txuswashere/OSCP
- https://github.com/txuswashere/Pentesting-Linux
- https://github.com/xhref/OSCP
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2019-18634](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18634)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.`

			`### POC`

			`#### Reference`
			`- http://packetstormsecurity.com/files/156174/Slackware-Security-Advisory-sudo-Updates.html`
Update CVE sources 2024-06-09 00:33 2024-06-09 00:33:16 +00:00			`- http://packetstormsecurity.com/files/156174/Slackware-Security-Advisory-sudo-Updates.html`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- http://packetstormsecurity.com/files/156189/Sudo-1.8.25p-Buffer-Overflow.html`
Update CVE sources 2024-06-09 00:33 2024-06-09 00:33:16 +00:00			`- http://packetstormsecurity.com/files/156189/Sudo-1.8.25p-Buffer-Overflow.html`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://seclists.org/bugtraq/2020/Feb/2`
Update CVE sources 2024-06-09 00:33 2024-06-09 00:33:16 +00:00			`- https://seclists.org/bugtraq/2020/Feb/2`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00
			`#### Github`
			`- https://github.com/0dayhunter/Linux-Privilege-Escalation-Resources`
			`- https://github.com/0xStrygwyr/OSCP-Guide`
			`- https://github.com/0xT11/CVE-POC`
			`- https://github.com/0xZipp0/OSCP`
			`- https://github.com/0xsyr0/OSCP`
			`- https://github.com/ARPSyndicate/cvemon`
			`- https://github.com/AfvanMoopen/tryhackme-`
			`- https://github.com/CyberSec-Monkey/Zero2H4x0r`
			`- https://github.com/DDayLuong/CVE-2019-18634`
			`- https://github.com/DarkFunct/CVE_Exploits`
			`- https://github.com/Dinesh-999/Hacking_contents`
			`- https://github.com/Drakfunc/CVE_Exploits`
Update CVE sources 2024-06-08 09:32 2024-06-08 09:32:58 +00:00			`- https://github.com/DrewSC13/Linpeas`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://github.com/InesMartins31/iot-cves`
			`- https://github.com/Ly0nt4r/OSCP`
			`- https://github.com/N1et/CVE-2019-18634`
			`- https://github.com/Plazmaz/CVE-2019-18634`
			`- https://github.com/R0seSecurity/Linux_Priviledge_Escalation`
			`- https://github.com/Retr0-ll/2023-littleTerm`
			`- https://github.com/Retr0-ll/littleterm`
			`- https://github.com/RoqueNight/Linux-Privilege-Escalation-Basics`
			`- https://github.com/SirElmard/ethical_hacking`
			`- https://github.com/Srinunaik000/Srinunaik000`
			`- https://github.com/TCM-Course-Resources/Linux-Privilege-Escalation-Resources`
Update CVE sources 2024-06-07 04:52 2024-06-07 04:52:01 +00:00			`- https://github.com/TH3xACE/SUDO_KILLER`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://github.com/TheJoyOfHacking/saleemrashid-sudo-cve-2019-18634`
			`- https://github.com/Timirepo/CVE_Exploits`
			`- https://github.com/Y3A/CVE-2019-18634`
			`- https://github.com/ZeusBanda/Linux_Priv-Esc_Cheatsheet`
			`- https://github.com/aesophor/CVE-2019-18634`
			`- https://github.com/brootware/awesome-cyber-security-university`
			`- https://github.com/brootware/cyber-security-university`
			`- https://github.com/catsecorg/CatSec-TryHackMe-WriteUps`
			`- https://github.com/chanbakjsd/CVE-2019-18634`
			`- https://github.com/developer3000S/PoC-in-GitHub`
			`- https://github.com/e-hakson/OSCP`
			`- https://github.com/edsonjt81/sudo-cve-2019-18634`
			`- https://github.com/eljosep/OSCP-Guide`
			`- https://github.com/geleiaa/ceve-s`
			`- https://github.com/go-bi/go-bi-soft`
			`- https://github.com/gurkylee/Linux-Privilege-Escalation-Basics`
			`- https://github.com/hectorgie/PoC-in-GitHub`
			`- https://github.com/hktalent/bug-bounty`
			`- https://github.com/kgwanjala/oscp-cheatsheet`
			`- https://github.com/klecko/exploits`
			`- https://github.com/lockedbyte/CVE-Exploits`
			`- https://github.com/lockedbyte/lockedbyte`
			`- https://github.com/migueltc13/KoTH-Tools`
			`- https://github.com/nitishbadole/oscp-note-3`
			`- https://github.com/notnue/Linux-Privilege-Escalation`
			`- https://github.com/oscpname/OSCP_cheat`
			`- https://github.com/pmihsan/Sudo-PwdFeedback-Buffer-Overflow`
			`- https://github.com/ptef/CVE-2019-18634`
			`- https://github.com/retr0-13/Linux-Privilege-Escalation-Basics`
			`- https://github.com/revanmalang/OSCP`
			`- https://github.com/saleemrashid/sudo-cve-2019-18634`
			`- https://github.com/sbonds/custom-inspec`
			`- https://github.com/siddicky/yotjf`
			`- https://github.com/substing/internal_ctf`
			`- https://github.com/testermas/tryhackme`
			`- https://github.com/txuswashere/OSCP`
			`- https://github.com/txuswashere/Pentesting-Linux`
			`- https://github.com/xhref/OSCP`