U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

OpenBSD addresses authentication bypass, privilege escalation issues

Experts from Qualys Research Labs discovered four high-severity security flaws in OpenBSD, one of which is a type authentication bypass issue. Researchers from Qualys Research Labs discovered four high-severity security vulnerabilities in OpenBSD, a type authentication bypass issue and three privilege escalation bugs. The three issued could be exploited by local users or malware to […]

OpenBSD

Experts from Qualys Research Labs discovered four high-severity security flaws in OpenBSD, one of which is a type authentication bypass issue.

Researchers from Qualys Research Labs discovered four high-severity security vulnerabilities in OpenBSD, a type authentication bypass issue and three privilege escalation bugs.

The three issued could be exploited by local users or malware to gain privileges of an auth group, root, as well as of other users, respectively.

The OpenBSD development team addressed the flaws less than two days after they were reported by the experts by releasing security patches for OpenBSD 6.5 and OpenBSD 6.6.

The first OpenBSD vulnerability, an authentication bypass issue tracked as CVE-2019-19521, affects the way OpenBSD’s authentication framework parses the username supplied by a user while logging in through smtpd, ldapd, radiusd, su, or sshd services.

“We discovered an authentication-bypass vulnerability in OpenBSD’s authentication system: this vulnerability is remotely exploitable in smtpd, ldapd, and radiusd, but its real-world impact should be studied on a case-by-case basis. For example, sshd is not exploitable thanks to its defense-in-depth mechanisms.” reads the security advisory published by the experts.

A remote attacker could exploit this vulnerability to access vulnerable services by entering the username as “-schallenge” or “-schallenge: passwd.” The ‘-‘ symbol prefixed to the username tricks OpenBSD into interpreting the value as a command-line option.

The “-schallenge” is interpreted as “-s challenge” and forces the system into ignoring the challenge protocol that eventually allows to bypass the authentication automatically.

“If an attacker specifies a username of the form ‘-option’, they can influence the behavior of the authentication program in unexpected ways,” continues the advisory.

The flaw is exploitable in smtpd, ldapd, and radiusd, but not in sshd or su because the presence of the defense-in-depth mechanisms that hang the connection even after successful authentication bypass.

The second vulnerability tracked as CVE-2019-19520 is a local privilege escalation issue caused by a failed check in xlock. A local attacker can trigger the issue to obtain the privileges of set-group-IDauth” through xlock, which is installed by default. 

The third issue trackers as CVE-2019-19522 is an authentication bypass issue found in the OpenBSD’s authentication protocol.

A local attacker with ‘auth‘ group permission can gain full privileges of the root user due to the incorrect operation of authorization mechanisms via “S/Key” and “YubiKey.” (which is a non-default configuration“)

The last issue tracked as CVE-2019-19519 is caused by a logical error in one of the su’s primary functions, that could be exploited by a local attacker to achieve any user’s login class, often excluding root, by exploiting su’s -L option.

The experts released PoC exploits for each vulnerability in the advisory, OpenBSD users are recommended to install the security patches using syspatch mechanism.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – OpenBSD, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]