18634

Author: 봉규 | Views: 4 | Posted: 2021-06-09 07:28:34 | Comments: 0

Sudo Buffer Overflow | CVE-2019-18634 #tryhackme

A tutorial room exploring CVE-2019-18634 in the Unix Sudo Program.

Use the information for educational purposes.


sudo buffer overflow - CVE-2019-18634

CVE-2019-18634 is, at the time of writing, the latest offering from Joe Vennix - the same guy who brought us the security bypass vulnerability that we used in the Security Bypass room. This one is slightly more technical, using a Buffer Overflow attack to get root permissions. It has been patched, but affects versions of sudo earlier than 1.8.26.

Let's break this down a little bit.

In the Security Bypass room I mentioned briefly that you can add things to the /etc/sudoers file in order to give lower-privileged users extra permissions. For this exploit we're more interested in one of the other options available: specifically an option called pwfeedback. This option is purely aesthetic, and is usually turned off by default (with the exception of ElementaryOS and Linux Mint - although they will likely now also stop using it). If you have used Linux before then you might have noticed that passwords typed into the terminal usually don't show any output at all; pwfeedback makes it so that whenever you type a character, an asterisk is displayed on the screen. Inside the /etc/sudoers file


Here's the catch. When this option is turned on, it's possible to perform a buffer overflow attack on the sudo command. To explain it really simply, when a program accepts input from a user it stores the data in a set size of storage space. A buffer overflow attack is when you enter so much data into the input that it spills out of this storage space and into the next "box," overwriting the data in it. As far as we're concerned, this means if we fill the password box of the sudo command up with a lot of garbage, we can inject our own stuff in at the end. This could mean that we get a shell as root! This exploit works regardless of whether we have any sudo permissions to begin with, unlike in CVE-2019-14287 where we had to have a very specific set of permissions in the first place.
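A defender-side check for the setting described above, as an added example that is not part of the original page: the shell function below (the name `pwfeedback_state` is hypothetical) reads a sudoers file and reports whether any `Defaults` entry leaves `pwfeedback` on. It assumes the standard sudoers forms `Defaults pwfeedback` and `Defaults !pwfeedback` and does not follow include directives.

```shell
#!/bin/sh
# pwfeedback_state FILE
# Prints "enabled" if any Defaults scope in FILE leaves pwfeedback switched on,
# otherwise "disabled". Later entries override earlier ones within a scope.
pwfeedback_state() {
    awk '
        # Join backslash-continued lines into one logical line.
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }
        { line = buf $0; buf = "" }
        # Only Defaults entries matter; "#" comment lines never match this.
        line !~ /^[ \t]*Defaults/ { next }
        {
            sub(/^[ \t]+/, "", line)
            scope = line; sub(/[ \t].*$/, "", scope)      # e.g. Defaults, Defaults:alice
            opts = line;  sub(/^[^ \t]+[ \t]*/, "", opts) # comma-separated settings
            sub(/[ \t]*#.*$/, "", opts)                   # drop a trailing comment
            n = split(opts, o, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", o[i])
                if (o[i] == "pwfeedback")  state[scope] = 1
                if (o[i] == "!pwfeedback") state[scope] = 0
            }
        }
        END {
            for (s in state) if (state[s]) { print "enabled"; exit }
            print "disabled"
        }
    ' "$1"
}

# Constructed sample (not from the page): switched on globally,
# negated for one user only, so the option is still in effect.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Defaults env_reset,pwfeedback
Defaults:alice !pwfeedback
EOF
pwfeedback_state "$sample"
rm -f "$sample"
```

Run it as root against `/etc/sudoers` and each file under `/etc/sudoers.d`. Where it reports `enabled` on an unpatched sudo, a later `Defaults !pwfeedback` line turns the option off until the package is updated.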

In this command we're using the programming language Perl to generate a lot of information which we're then passing into the sudo command as a password using the pipe (|) operator. Notice that this doesn't actually give us root permissions -- instead it shows us an error message: Segmentation fault, which basically means that we've tried to access some memory that we weren't supposed to be able to access. This proves that a buffer overflow vulnerability exists: now we just need to exploit it!

This is a program written in C that exploits CVE-2019-18634. In reality BOF attacks are considerably more complicated than in the explanation above, so we're not going to go into a huge amount of detail about what the program is doing exactly, but you can imagine that it's doing the same thing as in the explanation: filling the password field with rubbish information, then overwriting something more important that's in the next "box" with code that gives us a root shell.


sudo-cve-2019-18634

https://raw.githubusercontent.com/saleemrashid/sudo-cve-2019-18634/master/exploit.c

https://www.exploit-db.com/exploits/47995






PWFeedback Buffer Overflow Vulnerability in Sudo

Looking at the buffer overflow in sudo when pwfeedback is set in sudoers (CVE-2019-18634).
pwfeedback provides visual feedback for each key pressed at the sudo password prompt. Unfortunately, there is a stack-based buffer overflow that can be triggered when an overly long input is supplied on stdin.

Sources:
https://www.sudo.ws/alerts/pwfeedback.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18634
https://security-tracker.debian.org/tracker/CVE-2019-18634
https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18634.html
https://9to5linux.com/new-sudo-vulnerability-could-allow-attackers-to-obtain-full-root-privileges


Khyree Holmes : I was affected, saw that I had an update and saw "sudo", installed it and now it says "3 passwords attempts". See, that's why I love Linux.
pizzadude808 : Not affected on the current release of fedora (the last update to sudo was 3 months ago), and yes I have pwfeedback enabled.
Ishan Agarwal : Arch just got an update yesterday for sudo
dsteele27 : I was wondering why sudo was updated yesterday.
T D : Gotta say, you have the trippiest wallpapers my dude
