RSS   Vulnerabilities for 'Openbsd'   RSS

2020-07-28
 
CVE-2020-16088

CWE-639
 

 
iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has the wrong logic for checking whether a public key matches.

 
2019-12-12
 
CVE-2019-19726

CWE-269
 

 
OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from the environment, but fails when it cannot allocate memory. Thus, the attacker is able to execute their own library code as root.

 
2019-12-11
 
CVE-2019-14899

NVD-CWE-Other
 

 
A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.

 
2019-12-10
 
CVE-2012-1577

CWE-335
 

 
lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.

 
2019-12-05
 
CVE-2019-19522

CWE-287
 

 
OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membership in the auth group. This occurs because root's file can be written to /etc/skey or /var/db/yubikey, and need not be owned by root.

 
 
CVE-2019-19521

CWE-287
 

 
libc in OpenBSD 6.6 allows authentication bypass via the -schallenge username, as demonstrated by smtpd, ldapd, or radiusd. This is related to gen/auth_subr.c and gen/authenticate.c in libc (and login/login.c and xenocara/app/xenodm/greeter/verify.c).

 
 
CVE-2019-19520

CWE-269
 

 
xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen.

 
 
CVE-2019-19519

CWE-20
 

 
In OpenBSD 6.6, local users can use the su -L option to achieve any login class (often excluding root) because there is a logic error in the main function in su/su.c.

 
2019-08-26
 
CVE-2019-8460

CWE-20
 

 
Reuven Plevinsky and Tal Vainshtein of Check Point Software Technologies Ltd. discovered that OpenBSD kernel (all versions, including 6.5) can be forced to create long chains of TCP SACK holes that cause very expensive calls to tcp_sack_option() for every incoming SACK packet which can lead to a denial of service.

 
2018-08-01
 
CVE-2018-14775

CWE-20
 

 
tss_alloc in sys/arch/i386/i386/gdt.c in OpenBSD 6.2 and 6.3 has a Local Denial of Service (system crash) due to incorrect I/O port access control on the i386 architecture.

 


Copyright 2021, cxsecurity.com

 

Back to Top