CVE-2022-43995: Sudo heap overflow vulnerability affects Linux distros
A vulnerability affecting plugins/sudoers/auth/passwd.c in Sudo could have resulted in the user gaining root privileges.
Tracked as CVE-2022-43995, the vulnerability was discovered by Hugo Lefeuvre (University of Manchester) with ConfFuzz in Sudo’s crypt() password backend for Linux. Sudo is vulnerable to a heap-based buffer over-read, caused by an array-out-of-bounds error in Sudo’s plugins/sudoers/auth/passwd.c.
Sudo (su “do”) allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments.
“Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the compiler and processor architecture,” according to the MITRE website.
Buffer over-reads can result in erratic program behavior, including memory access errors, incorrect results, crashes, or breaches of system security. Thus, they are the basis of many software vulnerabilities and can be maliciously exploited to access privileged information.
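The sketch below is an added example, not code from Sudo or from this article. It shows why a fixed-index read on a dynamically sized password buffer goes out of bounds for short passwords, next to a bounds-respecting truncation. It assumes the faulty access is a read at index 8 tied to the 8-character limit of traditional DES crypt(), which matches the "seven characters or fewer" trigger but is not stated in the advisory text; all function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Traditional DES crypt() only uses the first 8 password characters. */
#define DES_MAX 8

/* Unsafe pattern (illustration only, never called here): assumes the
 * buffer is at least 9 bytes. When the buffer was allocated as
 * strlen(pass) + 1 bytes, index 8 is past the end for any password of
 * 7 characters or fewer, so this is a heap over-read. */
char unsafe_char_at_limit(const char *pass)
{
    return pass[DES_MAX];
}

/* Returns 1 if index DES_MAX lies inside a buffer of exactly
 * strlen(pass) + 1 bytes (password plus terminating NUL), else 0. */
int limit_index_in_bounds(const char *pass)
{
    return strlen(pass) + 1 > (size_t)DES_MAX;
}

/* Hardened form: copy at most DES_MAX characters into a caller-owned
 * 9-byte buffer, stopping at the NUL, so no byte beyond the source
 * string is ever read. Returns the truncated length. */
size_t des_truncate(const char *pass, char out[DES_MAX + 1])
{
    size_t n = 0;
    while (n < DES_MAX && pass[n] != '\0') {
        out[n] = pass[n];
        n++;
    }
    out[n] = '\0';
    return n;
}

int main(void)
{
    /* Constructed sample passwords of length 3, 7, 8 and 12. */
    const char *samples[] = { "abc", "1234567", "12345678", "correcthorse" };
    char out[DES_MAX + 1];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t n = des_truncate(samples[i], out);
        printf("len=%zu index8_in_bounds=%d truncated=%s (%zu)\n",
               strlen(samples[i]), limit_index_in_bounds(samples[i]), out, n);
    }
    return 0;
}
```

An 8-character password is the boundary case: index 8 then holds the terminating NUL and is still inside the allocation, which is why only shorter passwords hit the over-read.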
CVE-2022-43995 was found to affect all Sudo versions from 1.8 through 1.9.12. At present, there is no new version to patch the bug. To fix this flaw, a commit was submitted, and users need to download and install Sudo manually.