This is a basic reproduction of CVE-2019-18634, a privilege escalation vulnerability in sudo when pwfeedback is enabled. It was created as part of a project for NTU SC3010 to demonstrate a security vulnerability.
To reproduce the exploit, a Docker image of Ubuntu 20.04 is used. A vulnerable sudo version is installed in it and configured with the vulnerable option enabled.
At that time, Ubuntu did not have this option enabled by default, which helped minimize the impact, but the vulnerability was still given a severity score of 7.8.
`pwfeedback` is an option which prints out asterisks when the user types their password for visual feedback.
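To check whether a given sudoers configuration turns the option on, the following added example (not part of the original project) parses sudoers text and reports the final state of pwfeedback. The function names and the sample sudoers content are constructed for illustration; scoped `Defaults` entries are treated like global ones, and include directives and line continuations are not followed.

```shell
#!/bin/sh
# Added example: report whether sudoers text enables pwfeedback.
# Prints "enabled", "disabled" (explicit !pwfeedback) or "unset".
# Later Defaults entries override earlier ones, so the last match wins.
pwfeedback_state() {
    awk '
        /^[ \t]*#/ { next }                  # skip comment lines
        $1 ~ /^Defaults/ {
            line = $0
            # drop the "Defaults" keyword plus any :user / @host scope
            sub(/^[ \t]*Defaults[^ \t]*[ \t]+/, "", line)
            n = split(line, opts, ",")
            for (i = 1; i <= n; i++) {
                o = opts[i]
                gsub(/[ \t]/, "", o)
                if (o == "pwfeedback")  state = "enabled"
                if (o == "!pwfeedback") state = "disabled"
            }
        }
        END { print (state == "" ? "unset" : state) }
    ' "$@"
}

# Constructed sample input, not taken from a real host.
sample_sudoers() {
    cat <<'EOF'
# sample sudoers fragment (constructed)
Defaults env_reset
#Defaults !pwfeedback
Defaults mail_badpass,pwfeedback
root ALL=(ALL:ALL) ALL
EOF
}

# With no file arguments the function reads sudoers text from stdin.
sample_sudoers | pwfeedback_state
```

On a real system, pass the sudoers file and any included files as arguments, in the order sudo reads them.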
- Build the image using `develop.sh`.
- Run the image with `$DOCKER run -i --tty ubuntu:vulnerable-sudo`. Note that a tty is required to interact with sudo in a reasonable manner.
- Observe that you do not have privileges to run sudo in the image.
- Run `./sudo_sudo <command>` to execute the exploit script.
- Write-up by sudo authors: https://www.sudo.ws/security/advisories/pwfeedback/