Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-18684

EPSS 0.10% · P28
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-18684

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition between determining a uid, and the setresuid and openat system calls. The attacker can write "ALL ALL=(ALL) NOPASSWD:ALL" to /proc/#####/fd/3 at a time when Sudo is prompting for a password. NOTE: This has been disputed due to the way Linux /proc works. It has been argued that writing to /proc/#####/fd/3 would only be viable if you had permission to write to /etc/sudoers. Even with write permission to /proc/#####/fd/3, it would not help you write to /etc/sudoers
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Sudo 竞争条件问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Sudo是一款使用于类Unix系统的,允许用户通过安全的方式使用特殊的权限执行命令的程序。 Sudo 1.8.29及之前版本中存在安全漏洞。本地攻击者可利用该漏洞将权限提升至root。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2019-18684

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2019-18684

登录查看更多情报信息。

Same Patch Batch · n/a · 2019-11-04 · 23 CVEs total

CVE-2019-18178Real Time Engineers FreeRTOS+FAT 资源管理错误漏洞
CVE-2010-3669TYPO3 跨站脚本漏洞
CVE-2010-3668TYPO3 注入漏洞
CVE-2010-3667TYPO3 输入验证错误漏洞
CVE-2010-3666TYPO3 安全特征问题漏洞
CVE-2010-3665TYPO3 跨站脚本漏洞
CVE-2010-3664TYPO3 信息泄露漏洞
CVE-2010-3663TYPO3 代码问题漏洞
CVE-2010-3662TYPO3 SQL注入漏洞
CVE-2015-8980php-gettext 安全漏洞
CVE-2019-17210ARM Mbed OS MQTT library 输入验证错误漏洞
CVE-2019-18680Linux kernel 代码问题漏洞
CVE-2019-18663ARP-GUARD SQL注入漏洞
CVE-2019-13497One Identity Cloud Access Manager 跨站请求伪造漏洞
CVE-2019-13496One Identity Cloud Access Manager 安全漏洞
CVE-2013-2261Cryptocat 信息泄露漏洞
CVE-2013-4104Cryptocat 加密问题漏洞
CVE-2019-18683Linux kernel 资源管理错误漏洞
CVE-2013-4100Cryptocat 输入验证错误漏洞
CVE-2013-4101Cryptocat 输入验证错误漏洞

Showing top 20 of 23 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2019-18684

No comments yet

Leave a comment