[Vulnerability Advisory] CVE-2019-18634 | sudo Privilege Escalation Vulnerability

Published: 2020-02-04



Background


Security researchers have discovered a vulnerability in the sudo program that, under a specific configuration, may allow a low-privileged user or a malicious program to execute arbitrary commands as root on Linux or macOS systems.


Affected Scope


CVE ID: CVE-2019-18634


Affected versions: sudo versions before 1.8.26 (the flaw is also present in sudo 1.8.26 through 1.8.30, but it cannot be exploited there because of the change in EOF handling introduced in sudo 1.8.26)


Vulnerability Details


In sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, a user can trigger a stack-based buffer overflow in the privileged sudo process. The attacker needs to pass a long string to getln() in tgetpass.c.


The vulnerability can be exploited only when the "pwfeedback" option is enabled in the sudoers configuration file. This option provides visual feedback, displaying asterisks (*), while the user types a password in the terminal. Note that pwfeedback is not enabled by default in upstream sudo or in many other packages. However, some Linux distributions (for example Linux Mint and Elementary OS) enable it in their default sudoers file.


In addition, when pwfeedback is enabled, any user can exploit this vulnerability, even one without sudo permissions.


Remediation


Update to sudo version 1.8.31.
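The version ranges and the pwfeedback condition described above can be checked on a host with a short script. This is an added example, not part of the original advisory: the function names and the sample sudoers text are constructed for illustration, and scoped Defaults entries are treated like global ones.

```shell
#!/bin/sh
# Added example (illustrative names, constructed data): triage a host for
# CVE-2019-18634 from its sudo version and its sudoers text.

# pwfeedback_state: sudoers text on stdin -> prints "on" or "off".
# Later Defaults entries override earlier ones; "!pwfeedback" disables it.
# Scoped entries (Defaults:user, Defaults@host) are treated as global (conservative).
pwfeedback_state() {
    awk '
        /^[ \t]*#/ { next }                          # comments and #include lines
        /^[ \t]*Defaults/ {
            sub(/^[ \t]*Defaults[^ \t]*[ \t]+/, "")  # drop keyword and any scope
            n = split($0, opts, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                o = opts[i]; gsub(/[ \t]/, "", o)
                if (o == "pwfeedback")  state = "on"
                if (o == "!pwfeedback") state = "off"
            }
        }
        END { if (state == "on") print "on"; else print "off" }
    '
}

# version_num: "1.8.25p1" -> 1008025 (a patch suffix such as p1 is ignored).
version_num() {
    echo "$1" | awk -F. '{ sub(/[^0-9].*/, "", $3)
                           printf "%d\n", $1 * 1000000 + $2 * 1000 + $3 }'
}

# classify VERSION < sudoers-text: applies the ranges stated in the advisory.
classify() {
    v=$(version_num "$1")
    fb=$(pwfeedback_state)
    if   [ "$v" -ge 1008031 ]; then echo "fixed"
    elif [ "$fb" = "off" ];    then echo "flawed-pwfeedback-off"
    elif [ "$v" -ge 1008026 ]; then echo "flawed-not-exploitable"
    else                            echo "exploitable"
    fi
}

# Constructed sample sudoers content (not from a real host).
SAMPLE_ON='Defaults env_reset,pwfeedback
%sudo ALL=(ALL:ALL) ALL'
SAMPLE_OFF='Defaults env_reset,pwfeedback
# local override
Defaults !pwfeedback'

printf '%s\n' "$SAMPLE_ON"  | classify 1.8.21p2
printf '%s\n' "$SAMPLE_OFF" | classify 1.8.21p2
```

On a real host, pass the version reported by `sudo -V` and feed in the contents of /etc/sudoers together with any files it includes, read as root.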


References


https://nvd.nist.gov/vuln/detail/CVE-2019-18634

https://thehackernews.com/2020/02/sudo-linux-vulnerability.html

https://securityaffairs.co/wordpress/97265/breaking-news/sudo-cve-2019-18634-flaw.html