Researchers from Qualys Research Labs discovered four high-severity security vulnerabilities in OpenBSD, a type authentication bypass issue and three privilege escalation bugs.
The three issued could be exploited by local users or malware to gain privileges of a
The first OpenBSD vulnerability, an authentication bypass issue tracked as CVE-2019-19521, affects the way OpenBSD’s authentication framework parses the username supplied by a user while logging in through
“We discovered an authentication-bypass vulnerability in OpenBSD’s authentication system: this vulnerability is remotely exploitable in
A remote attacker could exploit this vulnerability to access vulnerable services by entering the
“If an attacker specifies a username of the form ‘-option’, they can influence the behavior of the authentication program in unexpected ways,” continues the advisory.
The flaw is exploitable in
The second vulnerability tracked as CVE-2019-19520 is a local privilege escalation issue caused by a failed check in
The third issue trackers as CVE-2019-19522 is an authentication bypass issue found in the OpenBSD’s authentication protocol.
A local attacker with ‘
The last issue tracked as CVE-2019-19519 is caused by a logical error in one of the
The experts released PoC exploits for each vulnerability in the advisory, OpenBSD users are recommended to install the security patches using
(SecurityAffairs – OpenBSD, hacking)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.