CVE-2019-19726

Vulnerability Summary

This Metasploit module exploits a vulnerability in the OpenBSD ld.so dynamic loader (CVE-2019-19726). The _dl_getenv() function fails to reset the LD_LIBRARY_PATH environment variable when set with approximately ARG_MAX colons. This can be abused to load libutil.so from an untrusted path, using LD_LIBRARY_PATH in combination with the chpass set-uid executable, resulting in privileged code execution. This module has been tested successfully on OpenBSD 6.1 (amd64) and OpenBSD 6.6 (amd64).

Exploits

This Metasploit module exploits a vulnerability in the OpenBSD ld.so dynamic loader (CVE-2019-19726). The _dl_getenv() function fails to reset the LD_LIBRARY_PATH environment variable when set with approximately ARG_MAX colons. This can be abused to load libutil.so from an untrusted path, using LD_LIBRARY_PATH in combination with the chpass set-uid ...