Local Privilege Escalation in OpenBSD’s dynamic loader

Overview :
OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from the environment, but fails when it cannot allocate memory. Thus, the attacker is able to execute their own library code as root.
Affected Product(s) :
  • OpenBSD through 6.6
Vulnerability Details :
CVE ID : CVE-2019-19726
We discovered a Local Privilege Escalation in OpenBSD’s dynamic loader (ld.so): this vulnerability is exploitable in the default installation (via the set-user-ID executable chpass or passwd) and yields full root privileges.

We developed a simple proof of concept and successfully tested it against OpenBSD 6.6 (the current release), 6.5, 6.2, and 6.1, on both amd64 and i386; other releases and architectures are probably also exploitable.

Solution :

Upgrade to latest version of OpenBSD

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2022-40265 : MITSUBISHI ELECTRIC MELSEC IQ-R PACKETS DENIAL OF SERVICE

CVE-2022-40265 : MITSUBISHI ELECTRIC MELSEC IQ-R PACKETS DENIAL OF SERVICE

Description Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version “65” and prior and Mitsubishi

CVE-2022-44400 : ORETNOM23 PURCHASE ORDER MANAGEMENT SYSTEM 1.0 UNRESTRICTED UPLOAD

CVE-2022-44400 : ORETNOM23 PURCHASE ORDER MANAGEMENT SYSTEM 1.0 UNRESTRICTED UPLOAD

Description Purchase Order Management System v1.0 contains a file upload vulnerability via /purchase_order/admin/?page=system_info. References https://github.com/lcg-22266/bug_report/blob/main/vendors/oretnom23/Purchase%20Order%20Management%20System/UPLOAD-1.md For More Information MITRE

CVE-2022-45919 : LINUX KERNEL UP TO 6.0.10/0221.C DVB_CA_EN50221.C DVB_CA_EN50221_IO_RELEASE USE AFTER FREE

CVE-2022-45919 : LINUX KERNEL UP TO 6.0.10/0221.C DVB_CA_EN50221.C DVB_CA_EN50221_IO_RELEASE USE AFTER FREE

Description An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is