QwikSec

Security Database

CVE

CWE

Training

CVE-2019-19522

Published: Dec 4, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membership in the auth group. This occurs because root's file can be written to /etc/skey or /var/db/yubikey, and need not be owned by root.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.openwall.com/lists/oss-security/2019/12/04/5

x_refsource_MISC

https://www.openbsd.org/errata66.html

x_refsource_MISC

[oss-security] 20191204 Authentication vulnerabilities in OpenBSD

mailing-list

x_refsource_MLIST

20191205 Authentication vulnerabilities in OpenBSD

mailing-list

x_refsource_BUGTRAQ

http://packetstormsecurity.com/files/155572/Qualys-Security-Advisory-OpenBSD-Authentication-Bypass-Privilege-Escalation.html

x_refsource_MISC

20191206 Authentication vulnerabilities in OpenBSD

mailing-list

x_refsource_FULLDISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.