ID:4870 - Exploit for Resource management error in OpenBSD - CVE-2019-19522

 

Published: November 21, 2020


Vulnerability identifier: #VU23425
Vulnerability risk: Low
CVE-ID: CVE-2019-19522
CWE-ID: CWE-399
Exploitation vector: Local access
Vulnerable software:
OpenBSD


Vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an error in the authentication process when S/Key or YubiKey authentication is enabled. A local user can gain root privileges by leveraging membership in the auth group. This occurs because root's file can be written to /etc/skey or /var/db/yubikey, and it need not be owned by root.


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.