Skip to content
A functional exploit for CVE-2019-18634, a BSS overflow in sudo's pwfeedback feature that allows for for privesc
Shell C Perl
Branch: master
Clone or download
Latest commit a7f2b2e Feb 19, 2020
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
src Whoops, uid 0, not 1. Feb 7, 2020
README.md Update README.md Feb 19, 2020
self-contained.sh Fixed file perms Feb 7, 2020

README.md

CVE-2019-18634

⚠️ This code has only been tested on sudo 1.8.25. The bug impacts <1.8.30, but there are differences in character handling that prevent this PoC from executing (this does not mitigate the exploitability of the bug). See #1 ⚠️

Functional exploit for CVE-2019-18634, a heap buffer overflow that leads to privilege escalation on sudo <=1.8.30 if pwfeedback is enabled.
https://dylankatz.com/Analysis-of-CVE-2019-18634/
This repo contains both a single-file script (self-contained.sh), and the scripts used to generate it (under src)
Thanks to yuu and Anonymous_ for help in developing this exploit and these scripts.
Credit to Joe Vennix and William Bowling for the original discovery of the bug and the information on exploiting through 1.8.30.

You can’t perform that action at this time.