← Back to Projects

CS367 Final Project — CVE-2019-18634: sudo pwfeedback Buffer Overflow - Writeup

Authors: Aryan Ghosh, Tung Nguyen
Date: May 20, 2025
Course: CS367 — Computer Systems & Security
CVE: CVE-2019-18634 (sudo pwfeedback buffer overflow)

Summary

This project analyzes and reproduces CVE-2019-18634, a critical buffer overflow vulnerability in sudo triggered by the pwfeedback feature. When enabled, a local attacker can exploit the bug to achieve root privileges by overflowing a user-input buffer during password entry.

Our work recreates the vulnerability in a controlled VM environment, examines the root cause in sudo’s source code, and demonstrates a working proof-of-concept exploit. We also propose mitigations and analyze the impact on real-world systems.

Full Report:
🔗 View complete PDF report

Objective

  • Understand the conditions required to trigger the pwfeedback buffer overflow.
  • Modify system configuration to enable the vulnerable state.
  • Reproduce the exploit reliably in a Linux VM.
  • Demonstrate local privilege escalation.
  • Analyze the vulnerable sudo code path and identify the exact cause of the overflow.
  • Document mitigations and lessons learned.

Environment

  • OS: Ubuntu / Debian-based VM
  • Sudo version: vulnerable version prior to 1.8.31p2
  • Configuration changed: pwfeedback enabled via /etc/sudoers
  • Tools used: gdb, gcc, strace, custom PoC exploit code

Root Cause Analysis

The vulnerability arises from improper bounds checking in sudo’s tgetpass.c code when pwfeedback is enabled. Each entered character triggers terminal feedback output, which leads to an off-by-one buffer overflow in the raw input buffer.

Key points:

  • Triggered only when pwfeedback is enabled
  • Requires local access (non-admin)
  • Overflow allows controlled memory corruption
  • Leads to potential privilege escalation to root

Steps Performed

  1. Enabled the vulnerable configuration
    Added to /etc/sudoers:
    Defaults pwfeedback

  2. Verified the sudo version
    Ensured it was within the vulnerable range.

  3. Tested the overflow manually
    Entered long sequences of characters to observe abnormal behavior.

  4. Implemented a PoC exploit
    Wrote a malicious input payload designed to overflow the buffer and influence control flow.

  5. Debugged using GDB
    Identified memory regions, offsets, and buffer boundaries.

  6. Successfully escalated privileges
    Verified root access after successful exploitation.

Impact

If exploitable, this vulnerability allows any local user to gain root privileges, completely compromising the target system’s integrity and confidentiality.

Modern distributions patched the issue by:

  • Removing or disabling pwfeedback
  • Adding stricter bounds checking
  • Releasing fixed sudo versions

Mitigation Recommendations

  • Update sudo to 1.8.31p2 or later.
  • Ensure pwfeedback is disabled (default).
  • Restrict local shell access where possible.
  • Monitor /etc/sudoers for unauthorized changes.