[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2019-19726Date: (C)2019-12-12   (M)2023-12-22


OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from the environment, but fails when it cannot allocate memory. Thus, the attacker is able to execute their own library code as root.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 7.8CVSS Score : 7.2
Exploit Score: 1.8Exploit Score: 3.9
Impact Score: 5.9Impact Score: 10.0
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: LOCALAccess Vector: LOCAL
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: LOWAuthentication: NONE
User Interaction: NONEConfidentiality: COMPLETE
Scope: UNCHANGEDIntegrity: COMPLETE
Confidentiality: HIGHAvailability: COMPLETE
Integrity: HIGH 
Availability: HIGH 
  
Reference:
https://seclists.org/bugtraq/2019/Dec/25
http://seclists.org/fulldisclosure/2019/Dec/31
http://seclists.org/fulldisclosure/2023/Oct/11
http://www.openwall.com/lists/oss-security/2023/10/03/2
http://packetstormsecurity.com/files/155658/Qualys-Security-Advisory-OpenBSD-Dynamic-Loader-Privilege-Escalation.html
http://packetstormsecurity.com/files/155764/OpenBSD-Dynamic-Loader-chpass-Privilege-Escalation.html
http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html
https://www.openbsd.org/errata66.html
https://www.openwall.com/lists/oss-security/2019/12/11/9

CWE    1
CWE-269

© SecPod Technologies