CVE-2019-19522

Опубликовано: 05 дек. 2019

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membership in the auth group. This occurs because root's file can be written to /etc/skey or /var/db/yubikey, and need not be owned by root.

Ссылки

http://packetstormsecurity.com/files/155572/Qualys-Security-Advisory-OpenBSD-Authentication-Bypass-Privilege-Escalation.html
Third Party Advisory
http://seclists.org/fulldisclosure/2019/Dec/14
Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/12/04/5
Exploit
Mailing List
Third Party Advisory
https://seclists.org/bugtraq/2019/Dec/8
Exploit
Mailing List
Third Party Advisory
https://www.openbsd.org/errata66.html
Vendor Advisory
https://www.openwall.com/lists/oss-security/2019/12/04/5
Exploit
Mailing List
Third Party Advisory
http://packetstormsecurity.com/files/155572/Qualys-Security-Advisory-OpenBSD-Authentication-Bypass-Privilege-Escalation.html
Third Party Advisory
http://seclists.org/fulldisclosure/2019/Dec/14
Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/12/04/5
Exploit
Mailing List
Third Party Advisory
https://seclists.org/bugtraq/2019/Dec/8
Exploit
Mailing List
Third Party Advisory
https://www.openbsd.org/errata66.html
Vendor Advisory
https://www.openwall.com/lists/oss-security/2019/12/04/5
Exploit
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:openbsd:openbsd:6.6:*:*:*:*:*:*:*

EPSS

Процентиль: 42%

0.00198

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-732

Связанные уязвимости

GHSA-w448-mv88-mx78