CVE-2019-19521

Опубликовано: 05 дек. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

libc in OpenBSD 6.6 allows authentication bypass via the -schallenge username, as demonstrated by smtpd, ldapd, or radiusd. This is related to gen/auth_subr.c and gen/authenticate.c in libc (and login/login.c and xenocara/app/xenodm/greeter/verify.c).

Ссылки

http://packetstormsecurity.com/files/155572/Qualys-Security-Advisory-OpenBSD-Authentication-Bypass-Privilege-Escalation.html
Third Party Advisory
http://seclists.org/fulldisclosure/2019/Dec/14
Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/12/04/5
Exploit
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/12/04/6
Mailing List
https://seclists.org/bugtraq/2019/Dec/8
Exploit
Mailing List
Third Party Advisory
https://www.openbsd.org/errata66.html
Vendor Advisory
https://www.openwall.com/lists/oss-security/2019/12/04/5
Exploit
Mailing List
Third Party Advisory
http://packetstormsecurity.com/files/155572/Qualys-Security-Advisory-OpenBSD-Authentication-Bypass-Privilege-Escalation.html
Third Party Advisory
http://seclists.org/fulldisclosure/2019/Dec/14
Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/12/04/5
Exploit
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/12/04/6
Mailing List
https://seclists.org/bugtraq/2019/Dec/8
Exploit
Mailing List
Third Party Advisory
https://www.openbsd.org/errata66.html
Vendor Advisory
https://www.openwall.com/lists/oss-security/2019/12/04/5
Exploit
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:openbsd:openbsd:6.6:*:*:*:*:*:*:*

EPSS

Процентиль: 67%

0.00539

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-gw7q-976q-g767