Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
641
VMScore

CVE-2019-19522

Published: 05/12/2019 Updated: 24/08/2020
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Openbsd

Vulnerability Summary

OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membership in the auth group. This occurs because root's file can be written to /etc/skey or /var/db/yubikey, and need not be owned by root.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

openbsd openbsd 6.6

Exploits

Exploit DB: Qualys Security Advisory - OpenBSD Authentication Bypass / Privilege Escalation
Qualys has discovered that OpenBSD suffers from multiple authentication bypass and local privilege escalation vulnerabilities ...

Mailing Lists

Full Disclosure: Authentication vulnerabilities in OpenBSD
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Authentication vulnerabilities in OpenBSD <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: Qualys Security ...
Full Disclosure: Authentication vulnerabilities in OpenBSD
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Authentication vulnerabilities in OpenBSD <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: Qualys Security Advisor ...

Github Repositories

https://github.com/retrymp3/Openbsd-Privilege-Escalation

Script that automates the process of escalating privileges on openbsd system (CVE-2019-19520) by exploiting the xlock binary and againing it's sgid and escalating to the root user by (CVE-2019-19522) exploiting the privileges of auth group and adding keys to the Skey or Yubikey

Openbsd-Privilege-Escalation A Script that automates the process of escalating privileges on openbsd system (CVE-2019-19520) by exploiting the xlock binary and againing it's sgid and escalating to the root user by (CVE-2019-19522) exploiting the privileges of auth group and adding keys to the Skey or Yubikey The C code is pretty much a copy of the original poc from: https

References

CWE-732https://www.openbsd.org/errata66.htmlhttps://www.openwall.com/lists/oss-security/2019/12/04/5http://www.openwall.com/lists/oss-security/2019/12/04/5https://seclists.org/bugtraq/2019/Dec/8http://packetstormsecurity.com/files/155572/Qualys-Security-Advisory-OpenBSD-Authentication-Bypass-Privilege-Escalation.htmlhttp://seclists.org/fulldisclosure/2019/Dec/14https://nvd.nist.govhttps://github.com/retrymp3/Openbsd-Privilege-Escalationhttp://seclists.org/fulldisclosure/2019/Dec/14
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-28254CVE-2024-32515CVE-2024-21338validationCVE-2024-32522dosCVE-2024-2101CVE-2024-21107elevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook