Experts from Qualys Research Labs discovered four high-severity security flaws in OpenBSD, one of which is a type authentication bypass issue.
Researchers from Qualys Research Labs discovered four high-severity security vulnerabilities in OpenBSD, a type authentication bypass issue and three privilege escalation bugs.
The three issued could be exploited by local users or malware to gain privileges of a
The OpenBSD development team addressed the flaws less than two days after they were reported by the experts by releasing security patches for OpenBSD 6.5 and OpenBSD 6.6.
The first OpenBSD vulnerability, an authentication bypass issue tracked as CVE-2019-19521, affects the way OpenBSD’s authentication framework parses the username supplied by a user while logging in through
“We discovered an authentication-bypass vulnerability in OpenBSD’s authentication system: this vulnerability is remotely exploitable in
A remote attacker could exploit this vulnerability to access vulnerable services by entering the
“If an attacker specifies a username of the form ‘-option’, they can influence the behavior of the authentication program in unexpected ways,” continues the advisory.
The flaw is exploitable in
The second vulnerability tracked as CVE-2019-19520 is a local privilege escalation issue caused by a failed check in
The third issue trackers as CVE-2019-19522 is an authentication bypass issue found in the OpenBSD’s authentication protocol.
A local attacker with ‘
The last issue tracked as CVE-2019-19519 is caused by a logical error in one of the
The experts released PoC exploits for each vulnerability in the advisory, OpenBSD users are recommended to install the security patches using
(SecurityAffairs – OpenBSD, hacking)