CVE-2019-19522

OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membership in the auth group. This occurs because root's file can be written to /etc/skey or /var/db/yubikey, and need not be owned by root.
Configurations

Configuration 1 (hide)

cpe:2.3:o:openbsd:openbsd:6.6:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-12-05 00:15

Updated : 2024-02-28 17:28


NVD link : CVE-2019-19522

Mitre link : CVE-2019-19522

CVE.ORG link : CVE-2019-19522


JSON object : View

Products Affected

openbsd

  • openbsd
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource