CVE-2019-18684
Published 2019-11-04
Priority P4 · 32 · high · 7 · CVSS 3.1
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.29% (21.0th percentile)
Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition between determining a uid, and the setresuid and openat system calls. The attacker can write "ALL ALL=(ALL) NOPASSWD:ALL" to /proc/#####/fd/3 at a time when Sudo is prompting for a password. NOTE: This has been disputed due to the way Linux /proc works. It has been argued that writing to /proc/#####/fd/3 would only be viable if you had permission to write to /etc/sudoers. Even with write permission to /proc/#####/fd/3, it would not help you write to /etc/sudoers
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sudo_project | sudo | <= 1.8.29 | — |
CVSS provenance
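| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.9 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
| vendor_redhat | — | 7.0 | HIGH | — |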
GHSA
GHSA-h9q8-53pc-hhxf: Sudo through 1
ghsa_unreviewed·2022-05-24
CVE-2019-18684 [HIGH] CWE-362 GHSA-h9q8-53pc-hhxf: Sudo through 1
Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition between determining a uid, and the setresuid and openat system calls. The attacker can write "ALL ALL=(ALL) NOPASSWD:ALL" to /proc/#####/fd/3 at a time when Sudo is prompting for a password.
Red Hat
sudo: privilege escalation via write access to file descriptor 3 of the sudo process
vendor_redhat·2019-11-07·CVSS 7.0
CVE-2019-18684 [HIGH] CWE-362 sudo: privilege escalation via write access to file descriptor 3 of the sudo process
Package: sudo (Red Hat Enterprise Linux 5) - Not affected
Package: sudo (Red H
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-18684 sudo: privilege escalation via write access to file descriptor 3 of the sudo process
bugzilla·2019-11-12·CVSS 7.0
CVE-2019-18684 [HIGH] CVE-2019-18684 sudo: privilege escalation via write access to file descriptor 3 of the sudo process
Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition between determining a uid, and the setresuid and openat system calls. The attacker can write "ALL ALL=(ALL) NOPASSWD:ALL" to /proc/#####/fd/3 at a time when Sudo is prompting for a password.
References:
https://gist.github.com/oxagast/51171aa161074188a11d96cbef884bbd
Discussion:
Closing this flaw bug as NOTABUG as the CVE has been DISPUTED.
To be able to access /proc//fd/, an attacker should already be able to access it.
arXiv
Timeloops: Automatic System Call Policy Learning for Containerized Microservices
arxiv_fulltext·2022-09-26
Meghna Pancholi (Columbia University), Andreas D. Kellas (Columbia University), Vasileios P. Kemerlis (Brown University), Simha Sethumadhavan (Columbia University)
## Abstract
We introduce Timeloops, a novel technique for automatically learning system
call filtering policies for containerized microservices applications. At
run-time, Timeloops automatically learns which system calls a program should
be allowed to invoke, while rejecting attempts to call spurious system calls.
Further, Timeloops addresses many of the shortcomings of state-of-the-art
static analysis-based techniques, such as the ability to generate tight filters
for programs written in interpreted languages such as PHP, Python, and
JavaScript. Timeloops has a simple and rob