Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
409
VMScore

CVE-2019-19520

Published: 05/12/2019 Updated: 24/08/2020
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Openbsd

Vulnerability Summary

xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

openbsd openbsd 6.6

Exploits

Exploit DB: Qualys Security Advisory - OpenBSD Authentication Bypass / Privilege Escalation
Qualys has discovered that OpenBSD suffers from multiple authentication bypass and local privilege escalation vulnerabilities ...

Mailing Lists

Full Disclosure: Authentication vulnerabilities in OpenBSD
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Authentication vulnerabilities in OpenBSD <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: Qualys Security ...
Full Disclosure: Authentication vulnerabilities in OpenBSD
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Authentication vulnerabilities in OpenBSD <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: Qualys Security Advisor ...

Github Repositories

https://github.com/retrymp3/Openbsd-Privilege-Escalation

Script that automates the process of escalating privileges on openbsd system (CVE-2019-19520) by exploiting the xlock binary and againing it's sgid and escalating to the root user by (CVE-2019-19522) exploiting the privileges of auth group and adding keys to the Skey or Yubikey

Openbsd-Privilege-Escalation A Script that automates the process of escalating privileges on openbsd system (CVE-2019-19520) by exploiting the xlock binary and againing it's sgid and escalating to the root user by (CVE-2019-19522) exploiting the privileges of auth group and adding keys to the Skey or Yubikey The C code is pretty much a copy of the original poc from: https

References

CWE-863https://www.openbsd.org/errata66.htmlhttps://www.openwall.com/lists/oss-security/2019/12/04/5http://www.openwall.com/lists/oss-security/2019/12/04/6http://www.openwall.com/lists/oss-security/2019/12/04/5https://seclists.org/bugtraq/2019/Dec/8http://packetstormsecurity.com/files/155572/Qualys-Security-Advisory-OpenBSD-Authentication-Bypass-Privilege-Escalation.htmlhttp://seclists.org/fulldisclosure/2019/Dec/14https://nvd.nist.govhttps://github.com/retrymp3/Openbsd-Privilege-Escalationhttp://seclists.org/fulldisclosure/2019/Dec/14
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook