CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
5.1%
DISPUTED Sudo through 1.8.29 allows local users to escalate to root
if they have write access to file descriptor 3 of the sudo process. This
occurs because of a race condition between determining a uid, and the
setresuid and openat system calls. The attacker can write “ALL ALL=(ALL)
NOPASSWD:ALL” to /proc/#####/fd/3 at a time when Sudo is prompting for a
password. NOTE: This has been disputed due to the way Linux /proc works. It
has been argued that writing to /proc/#####/fd/3 would only be viable if
you had permission to write to /etc/sudoers. Even with write permission to
/proc/#####/fd/3, it would not help you write to /etc/sudoers.
Author | Note |
---|---|
mdeslaur | this isn’t an issue and was rejected by upstream |
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
5.1%