A CVE Journey: From Crash to Local Privilege Escalation
This post is a complete walkthrough of the process of writing an exploit for CVE-2019-18634. I will talk about the methodologies used and why it is such a good bug for beginning your real-world exploitation skills. The bug allows Local Privilege Escalation because of a BSS-based overflow, which allows the user_details struct to be overwritten with uid 0, essentially escalating your privilege. The bug can be triggered even by users not listed in the sudoers file. There is no impact unless pwfeedback has been enabled.
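Since the post notes that the bug has no impact unless pwfeedback is enabled, a defender's first check is whether a Defaults directive turns it on. The following POSIX shell check is an added example, not code from the original post; it runs against constructed sudoers fragments, uses a hypothetical function name pwfeedback_enabled, and assumes a single sudoers file (real deployments also need /etc/sudoers.d/* reviewed).

```shell
# Constructed sample sudoers fragments (not taken from any real system).
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/enabled" <<'EOF'
# Comment lines are ignored, even when they mention Defaults pwfeedback
Defaults    env_reset, mail_badpass
Defaults    pwfeedback   # echoes asterisks while the password is typed
root    ALL=(ALL:ALL) ALL
EOF
cat > "$SAMPLES/disabled" <<'EOF'
Defaults    pwfeedback
Defaults    !pwfeedback  # a later Defaults directive overrides an earlier one
EOF

# pwfeedback_enabled FILE
# Returns 0 (true) when the last Defaults directive that mentions pwfeedback
# turns it on, 1 otherwise. Handles "Defaults", "Defaults:user", "Defaults@host"
# and "Defaults!cmnd" prefixes, comma-separated option lists and trailing comments.
# Assumption: one file only; include directives and sudoers.d are not followed.
pwfeedback_enabled() {
    awk '
        /^[ \t]*Defaults/ {
            line = $0
            sub(/#.*/, "", line)                           # drop trailing comment
            sub(/^[ \t]*Defaults[^ \t]*[ \t]+/, "", line)  # drop the Defaults keyword
            n = split(line, opts, "[ \t]*,[ \t]*")
            for (i = 1; i <= n; i++) {
                opt = opts[i]
                gsub(/^[ \t]+|[ \t]+$/, "", opt)
                if (opt == "pwfeedback") state = 1
                else if (opt == "!pwfeedback") state = 0
            }
        }
        END { exit state ? 0 : 1 }
    ' "$1"
}

if pwfeedback_enabled "$SAMPLES/enabled"; then
    echo "enabled: pwfeedback is on, the precondition for CVE-2019-18634 is met"
fi
if ! pwfeedback_enabled "$SAMPLES/disabled"; then
    echo "disabled: pwfeedback is off, no impact"
fi
```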