• About
  • Advertise
  • Careers
  • Contact
Friday, July 1, 2022
No Result
View All Result
NEWSLETTER
Cyber360 News
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
No Result
View All Result
Cyber360 News
No Result
View All Result
Home Security

OpenBSD addresses authentication bypass, privilege escalation issues

by Cyber360 News
December 6, 2019
in Security
0
OpenBSD addresses authentication bypass, privilege escalation issues
0
SHARES
4
VIEWS
Share on FacebookShare on Twitter

Experts from Qualys Research Labs discovered four high-severity security flaws in OpenBSD, one of which is a type authentication bypass issue.

Researchers from Qualys Research Labs discovered four high-severity security vulnerabilities in OpenBSD, a type authentication bypass issue and three privilege escalation bugs.

The three issued could be exploited by local users or malware to gain privileges of anauth group, root, as well as of other users, respectively.

The OpenBSD development team addressed the flaws less than two days after they were reported by the experts by releasing security patches for OpenBSD 6.5 and OpenBSD 6.6.

The first OpenBSD vulnerability, an authentication bypass issue tracked as CVE-2019-19521, affects the way OpenBSD’s authentication framework parses the username supplied by a user while logging in through smtpd, ldapd, radiusd, su, or sshd services.

“We discovered an authentication-bypass vulnerability in OpenBSD’s authentication system: this vulnerability is remotely exploitable in smtpd, ldapd, and radiusd, but its real-world impact should be studied on a case-by-case basis. For example, sshd is not exploitable thanks to its defense-in-depth mechanisms.” reads the security advisory published by the experts.

A remote attacker could exploit this vulnerability to access vulnerable services by entering the username as “-schallenge” or “-schallenge: passwd.” The ‘-‘ symbol prefixed to the username tricks OpenBSD into interpreting the value as a command-line option.

The “-schallenge” is interpreted as “-s challenge” and forces the system into ignoring the challenge protocol that eventually allows to bypass the authentication automatically.

“If an attacker specifies a username of the form ‘-option’, they can influence the behavior of the authentication program in unexpected ways,” continues the advisory.

The flaw is exploitable in smtpd, ldapd, and radiusd, but not in sshd or su because the presence of the defense-in-depth mechanisms that hang the connection even after successful authentication bypass.

The second vulnerability tracked as CVE-2019-19520 is a local privilege escalation issue caused by a failed check in xlock. A local attacker can trigger the issue to obtain the privileges of set-group-ID “auth” through xlock, which is installed by default. 

The third issue trackers as CVE-2019-19522 is an authentication bypass issue found in the OpenBSD’s authentication protocol.

A local attacker with ‘auth‘ group permission can gain full privileges of the root user due to the incorrect operation of authorization mechanisms via “S/Key” and “YubiKey.” (“which is a non-default configuration“)

The last issue tracked as CVE-2019-19519 is caused by a logical error in one of the su’s primary functions, that could be exploited by a local attacker to achieve any user’s login class, often excluding root, by exploiting su’s -L option.

The experts released PoC exploits for each vulnerability in the advisory, OpenBSD users are recommended to install the security patches using syspatch mechanism.

Pierluigi Paganini

(SecurityAffairs – OpenBSD, hacking)



Share On


Cyber360 News

Cyber360 News

Next Post
Heroku PaaS Service Found Hosting Numerous Magecart Skimmers

Heroku PaaS Service Found Hosting Numerous Magecart Skimmers

Recent Posts

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

October 6, 2021
Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

October 1, 2021
Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

October 1, 2021

Whats New in Kali Linux?

September 14, 2021

Kali Linux 2019.3 Release (CloudFlare, Kali-status, metapackages, Helper-Scripts & LXD)

September 14, 2021

Kali Linux 2021.3 Release (OpenSSL, Kali-Tools, Kali Live VM Support, Kali NetHunter Smartwatch)

September 14, 2021

Kali Linux 2018.4 Release

September 14, 2021

Kali Linux 1.0.5 and Software Defined Radio

September 14, 2021

Kali Tools Website Launched, 1.0.9 Release

September 14, 2021

Kali Linux Dojo at Black Hat Vegas 2016

September 14, 2021

Category

Site Links

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

About Us

We bring you the best Premium WordPress Themes that perfect for news, magazine, personal blog, etc. Check our landing page for details.

© 2019 Cyber360 News - Powered by WebSensePro

No Result
View All Result
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us

© 2019 Cyber360 News - Powered by WebSensePro

Login to your account below

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In