ALAS2-2020-1404 --- sudo
ID: oval:org.secpod.oval:def:1700314 | Date: (C)2020-03-23 (M)2020-03-23
Class: PATCH | Family: unix
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. The attacker needs to deliver a long string to the stdin of getln in tgetpass.c.
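
One way to check a host for the two conditions the description names (pwfeedback enabled, Sudo older than 1.8.26). This is an added example, not part of the advisory; the function names `pwfeedback_enabled` and `sudo_before_1_8_26` are hypothetical, and the sample sudoers text is constructed.

```shell
#!/bin/sh
# Read sudoers-style text on stdin; exit 0 if pwfeedback ends up enabled.
# Global "Defaults" lines: the last setting wins. Scoped lines such as
# "Defaults:alice pwfeedback" are counted as enabled (conservative choice).
# Assumption: no backslash line continuations; includes are not followed.
pwfeedback_enabled() {
    awk '
        { sub(/#.*/, "") }                       # drop comments
        $1 ~ /^Defaults/ {
            scoped = ($1 != "Defaults")
            line = $0
            sub(/^[ \t]*[^ \t]+[ \t]*/, "", line) # strip the Defaults token
            n = split(line, opts, /,/)
            for (i = 1; i <= n; i++) {
                o = opts[i]; gsub(/[ \t]/, "", o)
                if (o == "pwfeedback") { if (scoped) any_scoped = 1; else global = 1 }
                if (o == "!pwfeedback" && !scoped) global = 0
            }
        }
        END { exit((global || any_scoped) ? 0 : 1) }
    '
}

# Exit 0 if version $1 (e.g. "1.8.25p1") is older than 1.8.26, the bound
# given in the advisory text. A "pN" patch suffix is ignored.
sudo_before_1_8_26() {
    v=${1%%[!0-9.]*}                  # "1.8.25p1" -> "1.8.25"
    oldIFS=$IFS; IFS=.; set -- $v; IFS=$oldIFS
    maj=${1:-0}; min=${2:-0}; pat=${3:-0}
    [ "$maj" -lt 1 ] && return 0
    [ "$maj" -gt 1 ] && return 1
    [ "$min" -lt 8 ] && return 0
    [ "$min" -gt 8 ] && return 1
    [ "$pat" -lt 26 ]
}

# Constructed sample input (not taken from a real host).
sample='Defaults env_reset, pwfeedback
# Defaults !pwfeedback
root ALL=(ALL) ALL'

if printf '%s\n' "$sample" | pwfeedback_enabled && sudo_before_1_8_26 "1.8.25p1"; then
    echo "exposed: pwfeedback enabled and sudo older than 1.8.26"
fi
```

On a real host, feed `/etc/sudoers` and each included file to `pwfeedback_enabled` and take the version from the first line of `sudo -V`. Distribution packages often backport fixes without changing the upstream version number, so an installed package at or above the advisory's fixed release is the authoritative signal.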