3 matches found
CVE-2019-18684
Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition between determining a uid, and the setresuid and openat system calls. The attacker can write "ALL ALL=ALL NOPASSWD:ALL" to...
BELL-CVE-2019-18684 CVE-2019-18684 does not affect BellSoft software
Bulletin has no description...
CVE-2019-18684
CVE-2019-18684 affects sudo up to version 1.8.29. A race condition between uid determination and the setresuid/openat calls can allow a local attacker with write access to the sudo process’s file descriptor 3 to inject a payload (e.g., "ALL ALL=(ALL) NOPASSWD:ALL") while password prompting, poten...