cvelistv5 - cve-2019-19520

CVE-2019-19520 (GCVE-0-2019-19520)

Vulnerability from cvelistv5 – Published: 2019-12-04 23:34 – Updated: 2024-08-05 02:16

Summary

xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://www.openwall.com/lists/oss-security/2019/…	x_refsource_MISC
	https://www.openbsd.org/errata66.html	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2019/12/04/6	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2019/12/04/5	mailing-listx_refsource_MLIST
	https://seclists.org/bugtraq/2019/Dec/8	mailing-listx_refsource_BUGTRAQ
	http://packetstormsecurity.com/files/155572/Qualy…	x_refsource_MISC
	http://seclists.org/fulldisclosure/2019/Dec/14	mailing-listx_refsource_FULLDISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:16:48.540Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2019/12/04/5"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openbsd.org/errata66.html"
          },
          {
            "name": "[oss-security] 20191204 Re: Authentication vulnerabilities in OpenBSD",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/12/04/6"
          },
          {
            "name": "[oss-security] 20191204 Authentication vulnerabilities in OpenBSD",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/12/04/5"
          },
          {
            "name": "20191205 Authentication vulnerabilities in OpenBSD",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Dec/8"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/155572/Qualys-Security-Advisory-OpenBSD-Authentication-Bypass-Privilege-Escalation.html"
          },
          {
            "name": "20191206 Authentication vulnerabilities in OpenBSD",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Dec/14"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-06T21:06:05",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2019/12/04/5"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openbsd.org/errata66.html"
        },
        {
          "name": "[oss-security] 20191204 Re: Authentication vulnerabilities in OpenBSD",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/12/04/6"
        },
        {
          "name": "[oss-security] 20191204 Authentication vulnerabilities in OpenBSD",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/12/04/5"
        },
        {
          "name": "20191205 Authentication vulnerabilities in OpenBSD",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Dec/8"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/155572/Qualys-Security-Advisory-OpenBSD-Authentication-Bypass-Privilege-Escalation.html"
        },
        {
          "name": "20191206 Authentication vulnerabilities in OpenBSD",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Dec/14"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19520",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.openwall.com/lists/oss-security/2019/12/04/5",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2019/12/04/5"
            },
            {
              "name": "https://www.openbsd.org/errata66.html",
              "refsource": "MISC",
              "url": "https://www.openbsd.org/errata66.html"
            },
            {
              "name": "[oss-security] 20191204 Re: Authentication vulnerabilities in OpenBSD",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/12/04/6"
            },
            {
              "name": "[oss-security] 20191204 Authentication vulnerabilities in OpenBSD",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/12/04/5"
            },
            {
              "name": "20191205 Authentication vulnerabilities in OpenBSD",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Dec/8"
            },
            {
              "name": "http://packetstormsecurity.com/files/155572/Qualys-Security-Advisory-OpenBSD-Authentication-Bypass-Privilege-Escalation.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/155572/Qualys-Security-Advisory-OpenBSD-Authentication-Bypass-Privilege-Escalation.html"
            },
            {
              "name": "20191206 Authentication vulnerabilities in OpenBSD",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2019/Dec/14"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19520",
    "datePublished": "2019-12-04T23:34:21",
    "dateReserved": "2019-12-03T00:00:00",
    "dateUpdated": "2024-08-05T02:16:48.540Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:openbsd:openbsd:6.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0E0CC007-1428-4683-A196-3544F1C9CC92\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen.\"}, {\"lang\": \"es\", \"value\": \"xlock en OpenBSD versiones 6.6, permite a usuarios locales conseguir los privilegios del grupo de autenticaci\\u00f3n al proporcionar una variable de entorno LIBGL_DRIVERS_PATH, porque el archivo xenocara/lib/mesa/src/loader/loader.c maneja inapropiadamente dlopen.\"}]",
      "id": "CVE-2019-19520",
      "lastModified": "2024-11-21T04:34:52.703",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-12-05T00:15:11.307",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/155572/Qualys-Security-Advisory-OpenBSD-Authentication-Bypass-Privilege-Escalation.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2019/Dec/14\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2019/12/04/5\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2019/12/04/6\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Dec/8\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://www.openbsd.org/errata66.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2019/12/04/5\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/155572/Qualys-Security-Advisory-OpenBSD-Authentication-Bypass-Privilege-Escalation.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2019/Dec/14\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2019/12/04/5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2019/12/04/6\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Dec/8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://www.openbsd.org/errata66.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2019/12/04/5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Mailing List\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-863\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-19520\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-12-05T00:15:11.307\",\"lastModified\":\"2024-11-21T04:34:52.703\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen.\"},{\"lang\":\"es\",\"value\":\"xlock en OpenBSD versiones 6.6, permite a usuarios locales conseguir los privilegios del grupo de autenticaci\u00f3n al proporcionar una variable de entorno LIBGL_DRIVERS_PATH, porque el archivo xenocara/lib/mesa/src/loader/loader.c maneja inapropiadamente dlopen.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:openbsd:openbsd:6.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E0CC007-1428-4683-A196-3544F1C9CC92\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/155572/Qualys-Security-Advisory-OpenBSD-Authentication-Bypass-Privilege-Escalation.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2019/Dec/14\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/12/04/5\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/12/04/6\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Dec/8\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.openbsd.org/errata66.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2019/12/04/5\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/155572/Qualys-Security-Advisory-OpenBSD-Authentication-Bypass-Privilege-Escalation.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2019/Dec/14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/12/04/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/12/04/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Dec/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.openbsd.org/errata66.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2019/12/04/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]}]}}"
  }
}

FKIE_CVE-2019-19520

Vulnerability from fkie_nvd - Published: 2019-12-05 00:15 - Updated: 2024-11-21 04:34

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/155572/Qualys-Security-Advisory-OpenBSD-Authentication-Bypass-Privilege-Escalation.html	Third Party Advisory
cve@mitre.org	http://seclists.org/fulldisclosure/2019/Dec/14	Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2019/12/04/5	Exploit, Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2019/12/04/6	Mailing List
cve@mitre.org	https://seclists.org/bugtraq/2019/Dec/8	Exploit, Mailing List, Third Party Advisory
cve@mitre.org	https://www.openbsd.org/errata66.html	Vendor Advisory
cve@mitre.org	https://www.openwall.com/lists/oss-security/2019/12/04/5	Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/155572/Qualys-Security-Advisory-OpenBSD-Authentication-Bypass-Privilege-Escalation.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2019/Dec/14	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2019/12/04/5	Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2019/12/04/6	Mailing List
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2019/Dec/8	Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.openbsd.org/errata66.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.openwall.com/lists/oss-security/2019/12/04/5	Exploit, Mailing List, Third Party Advisory

Impacted products

	Vendor	Product	Version
	openbsd	openbsd	6.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E0CC007-1428-4683-A196-3544F1C9CC92",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen."
    },
    {
      "lang": "es",
      "value": "xlock en OpenBSD versiones 6.6, permite a usuarios locales conseguir los privilegios del grupo de autenticaci\u00f3n al proporcionar una variable de entorno LIBGL_DRIVERS_PATH, porque el archivo xenocara/lib/mesa/src/loader/loader.c maneja inapropiadamente dlopen."
    }
  ],
  "id": "CVE-2019-19520",
  "lastModified": "2024-11-21T04:34:52.703",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-12-05T00:15:11.307",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://packetstormsecurity.com/files/155572/Qualys-Security-Advisory-OpenBSD-Authentication-Bypass-Privilege-Escalation.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2019/Dec/14"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/12/04/5"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/12/04/6"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Dec/8"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openbsd.org/errata66.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2019/12/04/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://packetstormsecurity.com/files/155572/Qualys-Security-Advisory-OpenBSD-Authentication-Bypass-Privilege-Escalation.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2019/Dec/14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/12/04/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/12/04/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Dec/8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openbsd.org/errata66.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2019/12/04/5"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-JHM5-R427-J4RC

Vulnerability from github – Published: 2022-05-24 17:02 – Updated: 2022-05-24 17:02

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-19520"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-05T00:15:00Z",
    "severity": "MODERATE"
  },
  "details": "xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen.",
  "id": "GHSA-jhm5-r427-j4rc",
  "modified": "2022-05-24T17:02:43Z",
  "published": "2022-05-24T17:02:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19520"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/Dec/8"
    },
    {
      "type": "WEB",
      "url": "https://www.openbsd.org/errata66.html"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2019/12/04/5"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/155572/Qualys-Security-Advisory-OpenBSD-Authentication-Bypass-Privilege-Escalation.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2019/Dec/14"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/12/04/5"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/12/04/6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTFR-2019-AVI-606

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans OpenBSD. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	OpenBSD	OpenBSD	OpenBSD 6.6 sans le dernier correctif de sécurité
	OpenBSD	OpenBSD	OpenBSD 6.5 sans le dernier correctif de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité OpenBSD 6.6 du 04 décembre 2019	None	vendor-advisory
Bulletin de sécurité OpenBSD 6.5 du 04 décembre 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "OpenBSD 6.6 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "OpenBSD",
        "vendor": {
          "name": "OpenBSD",
          "scada": false
        }
      }
    },
    {
      "description": "OpenBSD 6.5 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "OpenBSD",
        "vendor": {
          "name": "OpenBSD",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-19521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19521"
    },
    {
      "name": "CVE-2019-19522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19522"
    },
    {
      "name": "CVE-2019-19520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19520"
    },
    {
      "name": "CVE-2019-19519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19519"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-606",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-12-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans OpenBSD. Elles\npermettent \u00e0 un attaquant de provoquer un contournement de la politique\nde s\u00e9curit\u00e9 et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans OpenBSD",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 OpenBSD 6.6 du 04 d\u00e9cembre 2019",
      "url": "https://www.openbsd.org/errata66.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 OpenBSD 6.5 du 04 d\u00e9cembre 2019",
      "url": "https://www.openbsd.org/errata65.html"
    }
  ]
}

CERTFR-2019-AVI-606

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans OpenBSD. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	OpenBSD	OpenBSD	OpenBSD 6.6 sans le dernier correctif de sécurité
	OpenBSD	OpenBSD	OpenBSD 6.5 sans le dernier correctif de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité OpenBSD 6.6 du 04 décembre 2019	None	vendor-advisory
Bulletin de sécurité OpenBSD 6.5 du 04 décembre 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "OpenBSD 6.6 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "OpenBSD",
        "vendor": {
          "name": "OpenBSD",
          "scada": false
        }
      }
    },
    {
      "description": "OpenBSD 6.5 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "OpenBSD",
        "vendor": {
          "name": "OpenBSD",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-19521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19521"
    },
    {
      "name": "CVE-2019-19522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19522"
    },
    {
      "name": "CVE-2019-19520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19520"
    },
    {
      "name": "CVE-2019-19519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19519"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-606",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-12-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans OpenBSD. Elles\npermettent \u00e0 un attaquant de provoquer un contournement de la politique\nde s\u00e9curit\u00e9 et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans OpenBSD",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 OpenBSD 6.6 du 04 d\u00e9cembre 2019",
      "url": "https://www.openbsd.org/errata66.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 OpenBSD 6.5 du 04 d\u00e9cembre 2019",
      "url": "https://www.openbsd.org/errata65.html"
    }
  ]
}

GSD-2019-19520

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-19520

Aliases

CVE-2019-19520

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-19520",
    "description": "xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen.",
    "id": "GSD-2019-19520",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2019-19520"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-19520"
      ],
      "details": "xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen.",
      "id": "GSD-2019-19520",
      "modified": "2023-12-13T01:23:54.521745Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2019-19520",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.openwall.com/lists/oss-security/2019/12/04/5",
            "refsource": "MISC",
            "url": "https://www.openwall.com/lists/oss-security/2019/12/04/5"
          },
          {
            "name": "https://www.openbsd.org/errata66.html",
            "refsource": "MISC",
            "url": "https://www.openbsd.org/errata66.html"
          },
          {
            "name": "[oss-security] 20191204 Re: Authentication vulnerabilities in OpenBSD",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2019/12/04/6"
          },
          {
            "name": "[oss-security] 20191204 Authentication vulnerabilities in OpenBSD",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2019/12/04/5"
          },
          {
            "name": "20191205 Authentication vulnerabilities in OpenBSD",
            "refsource": "BUGTRAQ",
            "url": "https://seclists.org/bugtraq/2019/Dec/8"
          },
          {
            "name": "http://packetstormsecurity.com/files/155572/Qualys-Security-Advisory-OpenBSD-Authentication-Bypass-Privilege-Escalation.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/155572/Qualys-Security-Advisory-OpenBSD-Authentication-Bypass-Privilege-Escalation.html"
          },
          {
            "name": "20191206 Authentication vulnerabilities in OpenBSD",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2019/Dec/14"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:openbsd:openbsd:6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19520"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-863"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.openbsd.org/errata66.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.openbsd.org/errata66.html"
            },
            {
              "name": "https://www.openwall.com/lists/oss-security/2019/12/04/5",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2019/12/04/5"
            },
            {
              "name": "[oss-security] 20191204 Re: Authentication vulnerabilities in OpenBSD",
              "refsource": "MLIST",
              "tags": [
                "Mailing List"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/12/04/6"
            },
            {
              "name": "[oss-security] 20191204 Authentication vulnerabilities in OpenBSD",
              "refsource": "MLIST",
              "tags": [
                "Exploit",
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/12/04/5"
            },
            {
              "name": "20191205 Authentication vulnerabilities in OpenBSD",
              "refsource": "BUGTRAQ",
              "tags": [
                "Exploit",
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://seclists.org/bugtraq/2019/Dec/8"
            },
            {
              "name": "http://packetstormsecurity.com/files/155572/Qualys-Security-Advisory-OpenBSD-Authentication-Bypass-Privilege-Escalation.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://packetstormsecurity.com/files/155572/Qualys-Security-Advisory-OpenBSD-Authentication-Bypass-Privilege-Escalation.html"
            },
            {
              "name": "20191206 Authentication vulnerabilities in OpenBSD",
              "refsource": "FULLDISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Dec/14"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2019-12-05T00:15Z"
    }
  }
}

CNVD-2019-44735

Vulnerability from cnvd - Published: 2019-12-10

Title

OpenBSD存在未明漏洞（CNVD-2019-44735）

Description

OpenBSD是加拿大OpenBSD项目组的一套跨平台的、基于BSD的类UNIX操作系统。 OpenBSD 6.6版本中的xlock存在安全漏洞，该漏洞源于xenocara/lib/mesa/src/loader/loader.c文件没有正确处理dlopen。本地攻击者可利用该漏洞通过提交LIBGL_DRIVERS_PATH环境变量获取‘auth’组的权限。

Severity

高

Patch Name

OpenBSD存在未明漏洞（CNVD-2019-44735）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.openbsd.org/errata66.html

Reference

http://www.openwall.com/lists/oss-security/2019/12/04/5 https://nvd.nist.gov/vuln/detail/CVE-2019-19520

Impacted products

Name
OpenBSD OpenBSD 6.6

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-19520"
    }
  },
  "description": "OpenBSD\u662f\u52a0\u62ff\u5927OpenBSD\u9879\u76ee\u7ec4\u7684\u4e00\u5957\u8de8\u5e73\u53f0\u7684\u3001\u57fa\u4e8eBSD\u7684\u7c7bUNIX\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nOpenBSD 6.6\u7248\u672c\u4e2d\u7684xlock\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8exenocara/lib/mesa/src/loader/loader.c\u6587\u4ef6\u6ca1\u6709\u6b63\u786e\u5904\u7406dlopen\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u63d0\u4ea4LIBGL_DRIVERS_PATH\u73af\u5883\u53d8\u91cf\u83b7\u53d6\u2018auth\u2019\u7ec4\u7684\u6743\u9650\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.openbsd.org/errata66.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-44735",
  "openTime": "2019-12-10",
  "patchDescription": "OpenBSD\u662f\u52a0\u62ff\u5927OpenBSD\u9879\u76ee\u7ec4\u7684\u4e00\u5957\u8de8\u5e73\u53f0\u7684\u3001\u57fa\u4e8eBSD\u7684\u7c7bUNIX\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nOpenBSD 6.6\u7248\u672c\u4e2d\u7684xlock\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8exenocara/lib/mesa/src/loader/loader.c\u6587\u4ef6\u6ca1\u6709\u6b63\u786e\u5904\u7406dlopen\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u63d0\u4ea4LIBGL_DRIVERS_PATH\u73af\u5883\u53d8\u91cf\u83b7\u53d6\u2018auth\u2019\u7ec4\u7684\u6743\u9650\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "OpenBSD\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2019-44735\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "OpenBSD OpenBSD 6.6"
  },
  "referenceLink": "http://www.openwall.com/lists/oss-security/2019/12/04/5\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19520",
  "serverity": "\u9ad8",
  "submitTime": "2019-12-05",
  "title": "OpenBSD\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2019-44735\uff09"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-19520 (GCVE-0-2019-19520)

FKIE_CVE-2019-19520

GHSA-JHM5-R427-J4RC

CERTFR-2019-AVI-606

Solution

CERTFR-2019-AVI-606

Solution

GSD-2019-19520

CNVD-2019-44735

Tags

Sightings

Nomenclature