Wind River Support Network

Fixed

LIN1019-3292 : Security Advisory - sudo - CVE-2019-18684

Created: Nov 6, 2019    Updated: Dec 18, 2019
Resolved Date: Dec 18, 2019
Found In Version: 10.19.45.1
Severity: Standard
Applicable for: Wind River Linux LTS 19
Component/s: Userspace

Description


Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition between determining a uid and the setresuid and openat system calls. The attacker can write "ALL ALL=(ALL) NOPASSWD:ALL" to /proc/#####/fd/3 at a time when Sudo is prompting for a password.

