CVE-2019-18684

CVE-2019-18684

Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition between determining a uid, and the setresuid and openat system calls. The attacker can write "ALL ALL=(ALL) NOPASSWD:ALL" to /proc/#####/fd/3 at a time when Sudo is prompting for a password.

Source: CVE-2019-18684

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다