Researchers from Qualys Research Labs discovered four high-severity security vulnerabilities in OpenBSD: an authentication bypass issue and three privilege escalation bugs.
The three issues could be exploited by local users or malware to gain privileges of a
The first OpenBSD vulnerability, an authentication bypass issue tracked as CVE-2019-19521, affects the way OpenBSD’s authentication framework parses the username supplied by a user while logging in through
“We discovered an authentication-bypass vulnerability in OpenBSD’s authentication system: this vulnerability is remotely exploitable in
A remote attacker could exploit this vulnerability to access vulnerable services by entering the
“If an attacker specifies a username of the form ‘-option’, they can influence the behavior of the authentication program in unexpected ways,” continues the advisory.
The flaw is exploitable in
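The "-option" username problem quoted from the advisory above is a case of argument injection. The following C code is an added example, not code from OpenBSD or from the Qualys advisory; the helper name, the 32-character limit and the allowed character set are assumptions. It contrasts an argument vector built directly from the supplied name with one that validates the name and ends option parsing with `--`.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical helper name (assumption); not a real OpenBSD program or path. */
#define HELPER "auth-helper"

/* Allow-list check: non-empty, bounded, no leading '-', safe characters only.
 * The length limit and character set are assumptions for this example. */
int valid_login_name(const char *name)
{
    size_t len;
    if (name == NULL || (len = strlen(name)) == 0 || len > 32)
        return 0;
    if (name[0] == '-')
        return 0;                    /* would be parsed as an option */
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && c != '_' && c != '.' && c != '-')
            return 0;
    }
    return 1;
}

/* Naive form: the supplied name lands where the helper looks for options. */
int build_argv_naive(const char *name, const char *argv[4])
{
    argv[0] = HELPER; argv[1] = name; argv[2] = NULL;
    return 0;
}

/* Hardened form: validate first, then end option parsing with "--". */
int build_argv_checked(const char *name, const char *argv[4])
{
    if (!valid_login_name(name))
        return -1;
    argv[0] = HELPER; argv[1] = "--"; argv[2] = name; argv[3] = NULL;
    return 0;
}

/* Counts the entries a getopt-style parser would treat as options. */
int options_seen(const char *argv[])
{
    int n = 0;
    for (int i = 1; argv[i] != NULL; i++) {
        if (strcmp(argv[i], "--") == 0 || argv[i][0] != '-')
            break;                   /* parsing stops at "--" or first operand */
        n++;
    }
    return n;
}
```

The validation and the `--` separator are independent layers: the first rejects the input outright, the second keeps a name from being read as an option if the allow-list is ever loosened.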
The second vulnerability tracked as CVE-2019-19520 is a local privilege escalation issue caused by a failed check in
The third issue tracked as CVE-2019-19522 is an authentication bypass issue found in OpenBSD’s authentication protocol.
A local attacker with ‘
The last issue tracked as CVE-2019-19519 is caused by a logical error in one of the
The experts released PoC exploits for each vulnerability in the advisory. OpenBSD users are recommended to install the security patches using
(SecurityAffairs – OpenBSD, hacking)