Vulnerability type: Use after free, double free
Versions affected: 3.12 and 3.13
Versions fixed: 3.14 and later
Public announcement: 2018-04-01
CVE IDs: CVE-2018-0493
Santosh Ananthakrishnan discovered incorrect memory management in the
remctld and remctl-shell servers when handling commands with the sudo
configuration option. For remctld, it may be possible (although appears to
be difficult) for a client to execute arbitrary commands on the server. To
exploit this vulnerability, the client must have access to run a command
that uses the sudo configuration option. The client would then need to run
the command using sudo multiple times in a single connection using
I'm not aware of any exploits in the wild. remctl-shell is not affected,
This problem has been fixed in remctl 3.14, available from:
It has also been fixed in Debian stable (stretch) in the 3.13-1+deb9u1
package version, and in Debian unstable in the 3.14-1 package version.
Only the remctl-server package is affected. This bug is not present in
older Debian releases.
My apologies for this memory management error. It's an obvious error in
context and was probably left over from a code refactoring when developing
the sudo feature. I hope to include better automated memory management
testing in the next release of remctl after 3.14.