An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum(3), sscanf was used without checking for error cases. Instead, the uninitialized variable errstr was checked and in some cases returned success even if sscanf failed. The result was that, instead of reporting that the supplied username or group name did not exist, it would execute the command as root.
References
Link | Resource |
---|---|
https://github.com/slicer69/doas/commit/2f83222829448e5bc4c9391d607ec265a1e06531 | Patch |
https://github.com/slicer69/doas/compare/6.1p1...6.2 | Release Notes |
Configurations
History
16 Feb 2024, 15:34
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-252 |
Information
Published : 2019-10-18 16:15
Updated : 2024-02-28 17:28
NVD link : CVE-2019-15900
Mitre link : CVE-2019-15900
CVE.ORG link : CVE-2019-15900
JSON object : View
Products Affected
doas_project
- doas