Published: 05/12/2019 Updated: 21/07/2021

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 409

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

In OpenBSD 6.6, local users can use the su -L option to achieve any login class (often excluding root) because there is a logic error in the main function in su/su.c.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openbsd openbsd 6.6

Qualys has discovered that OpenBSD suffers from multiple authentication bypass and local privilege escalation vulnerabilities ...

Full Disclosure mailing list archives   By Date By Thread </form>    Authentication vulnerabilities in OpenBSD   From: Qualys Security ...

oss-sec mailing list archives   By Date By Thread </form>    Authentication vulnerabilities in OpenBSD   From: Qualys Security Advisor ...

CWE-287 https://github.com/openbsd/src/blob/2dfc98f42e117c7605b52b5020b630d98601dc22/usr.bin/su/su.c#L210-L211 https://www.openbsd.org/errata66.html https://www.openwall.com/lists/oss-security/2019/12/04/5 http://www.openwall.com/lists/oss-security/2019/12/04/5 https://seclists.org/bugtraq/2019/Dec/8 http://packetstormsecurity.com/files/155572/Qualys-Security-Advisory-OpenBSD-Authentication-Bypass-Privilege-Escalation.html http://seclists.org/fulldisclosure/2019/Dec/14 https://nvd.nist.gov http://seclists.org/fulldisclosure/2019/Dec/14

CVE-2019-19519

Vulnerability Summary

Vulnerability Trend

Exploits

Mailing Lists

References

Vulmon Search

About

Products

Connect