CVE-2019-18684

Name of the Vulnerable Software and Affected Versions Sudo versions prior to 1.8.30

Description The issue allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs due to a race condition between determining a uid, and the setresuid and openat system calls. An attacker can exploit this by writing "ALL ALL=(ALL) NOPASSWD:ALL" to /proc/#####/fd/3 at a time when Sudo is prompting for a password. However, it has been disputed due to the way Linux /proc works, suggesting that writing to /proc/#####/fd/3 would only be viable with permission to write to /etc/sudoers.

Recommendations For Sudo versions prior to 1.8.30, update to version 1.8.30 or later to resolve the issue. As a temporary workaround, consider restricting write access to file descriptor 3 of the sudo process to minimize the risk of exploitation.