Unrated severityNVD Advisory· Published Dec 4, 2019· Updated Aug 5, 2024
CVE-2019-19522
CVE-2019-19522
Description
OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membership in the auth group. This occurs because root's file can be written to /etc/skey or /var/db/yubikey, and need not be owned by root.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- OpenBSD/OpenBSDdescription
Patches
Vulnerability mechanics
References
6- packetstormsecurity.com/files/155572/Qualys-Security-Advisory-OpenBSD-Authentication-Bypass-Privilege-Escalation.htmlmitrex_refsource_MISC
- seclists.org/fulldisclosure/2019/Dec/14mitremailing-listx_refsource_FULLDISC
- www.openwall.com/lists/oss-security/2019/12/04/5mitremailing-listx_refsource_MLIST
- seclists.org/bugtraq/2019/Dec/8mitremailing-listx_refsource_BUGTRAQ
- www.openbsd.org/errata66.htmlmitrex_refsource_MISC
- www.openwall.com/lists/oss-security/2019/12/04/5mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.