This is an analysis of a vulnerability discovered by Juan Sacco. The vulnerability has no given CVE ID.
The interesting fact here is that at the time of writing, the latest version for linux-based systems is the vulnerable version.
Continue readingMonth: December 2020
CVE-2019-18634 OOB write – analysis and development of a working PoC
CVE-2019-18634 is a vulnerability in sudo prior to version 1.8.26, but then discovered to be possible to exploit in versions after 1.8.26 until 1.8.30. This means the only way to be full patched is using sudo version 1.8.31.
Continue reading