A buffer overflow was found in Sudo that allows a low privileged user to execute commands as root without authentication. This is due to a bug in the “pwfeedback” option. By default, “pwfeedback” is not enabled but there are some Linux distros that do have it enabled by default.
This allows attackers to easily perform privilege escalation on Linux or MacOS machines.
An attacker who is able to access any Linux or MacOS machine can run any command as root.
The maintainers of Sudo have released a patch, 1.8.31, that addresses this issue. Apple has also released a patch for High Sierra 10.13.6, Mojave 10.14.6, and Catalina 10.15.2.