CVE-2019-18684
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 1
Exploited in Wild: -
Decision: -
Descriptions
** DISPUTED ** Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition between determining a uid and the setresuid and openat system calls. The attacker can write "ALL ALL=(ALL) NOPASSWD:ALL" to /proc/#####/fd/3 at a time when Sudo is prompting for a password. NOTE: This has been disputed due to the way Linux /proc works. It has been argued that writing to /proc/#####/fd/3 would only be viable if you already had permission to write to /etc/sudoers. Even with write permission to /proc/#####/fd/3, it would not help you write to /etc/sudoers.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2019-11-04 CVE Reserved
- 2019-11-04 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- (no date) Exploited in Wild
- (no date) KEV Due Date
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
References (1)
URL | Date | Source
---|---|---
https://gist.github.com/oxagast/51171aa161074188a11d96cbef884bbd | 2024-08-05 | 
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Sudo Project | Sudo | <= 1.8.29 | - | Affected