CVE-2019-18684 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2019-18684 Interim 1 24 2025-08-14T01:55:16Z current 2021-05-30T14:32:56Z 2025-08-14T01:55:16Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2019-18684 Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition between determining a uid, and the setresuid and openat system calls. The attacker can write "ALL ALL=(ALL) NOPASSWD:ALL" to /proc/#####/fd/3 at a time when Sudo is prompting for a password. NOTE: This has been disputed due to the way Linux /proc works. It has been argued that writing to /proc/#####/fd/3 would only be viable if you had permission to write to /etc/sudoers. Even with write permission to /proc/#####/fd/3, it would not help you write to /etc/sudoers The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE CaaS Platform 3.0 SUSE Container as a Service Platform 1.0 SUSE Container as a Service Platform 2.0 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise High Performance Computing 12 SP4 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Server 11 SP1 for Teradata SUSE Linux Enterprise Server 11 SP3 for Teradata SUSE Linux Enterprise Server 11 SP4 LTSS SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Server Teradata 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for Basesystem 15 SP1 sudo sudo-devel sudo as a component of SUSE CaaS Platform 3.0 sudo as a component of SUSE Container as a Service Platform 1.0 sudo as a component of SUSE Container as a Service Platform 2.0 sudo as a component of SUSE Linux Enterprise Desktop 12 SP4 sudo as a component of SUSE Linux Enterprise High Performance Computing 12 SP4 sudo as a component of SUSE Linux Enterprise Module for Basesystem 15 sudo-devel as a component of SUSE Linux Enterprise Module for Basesystem 15 sudo as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 sudo-devel as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 sudo as a component of SUSE Linux Enterprise Server 11 SP1 for Teradata sudo as a component of SUSE Linux Enterprise Server 11 SP3 for Teradata sudo as a component of SUSE Linux Enterprise Server 11 SP4 LTSS sudo as a component of SUSE Linux Enterprise Server 12 SP1-LTSS sudo as a component of SUSE Linux Enterprise Server 12 SP2-LTSS sudo as a component of SUSE Linux Enterprise Server 12 SP3-LTSS sudo as a component of SUSE Linux Enterprise Server 12 SP4 sudo as a component of SUSE Linux Enterprise Server 12 SP5 sudo as a component of SUSE Linux Enterprise Server Teradata 12 SP3 sudo as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 sudo as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 sudo-devel as a component of SUSE Linux Enterprise Software Development Kit 12 SP4 sudo as a component of SUSE Linux Enterprise Software Development Kit 12 SP4 Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition between determining a uid, and the setresuid and openat system calls. The attacker can write "ALL ALL=(ALL) NOPASSWD:ALL" to /proc/#####/fd/3 at a time when Sudo is prompting for a password. NOTE: This has been disputed due to the way Linux /proc works. It has been argued that writing to /proc/#####/fd/3 would only be viable if you had permission to write to /etc/sudoers. Even with write permission to /proc/#####/fd/3, it would not help you write to /etc/sudoers CVE-2019-18684 SUSE CaaS Platform 3.0:sudo SUSE Container as a Service Platform 1.0:sudo SUSE Container as a Service Platform 2.0:sudo SUSE Linux Enterprise Desktop 12 SP4:sudo SUSE Linux Enterprise High Performance Computing 12 SP4:sudo SUSE Linux Enterprise Module for Basesystem 15 SP1:sudo SUSE Linux Enterprise Module for Basesystem 15 SP1:sudo-devel SUSE Linux Enterprise Module for Basesystem 15:sudo SUSE Linux Enterprise Module for Basesystem 15:sudo-devel SUSE Linux Enterprise Server 11 SP1 for Teradata:sudo SUSE Linux Enterprise Server 11 SP3 for Teradata:sudo SUSE Linux Enterprise Server 11 SP4 LTSS:sudo SUSE Linux Enterprise Server 12 SP1-LTSS:sudo SUSE Linux Enterprise Server 12 SP2-LTSS:sudo SUSE Linux Enterprise Server 12 SP3-LTSS:sudo SUSE Linux Enterprise Server 12 SP4:sudo SUSE Linux Enterprise Server 12 SP5:sudo SUSE Linux Enterprise Server Teradata 12 SP3:sudo SUSE Linux Enterprise Server for SAP Applications 12 SP3:sudo SUSE Linux Enterprise Server for SAP Applications 12 SP4:sudo SUSE Linux Enterprise Software Development Kit 12 SP4:sudo SUSE Linux Enterprise Software Development Kit 12 SP4:sudo-devel moderate 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L