Beautiful OpenBSD Root Exploit Published
Cloud provider Qualys published a beautiful Local Privilege Escalation exploit for recent versions of OpenBSD on Wednesday the 12th of December. Any regular account can get full root access on a default installation. The OpenBSD developer team, led by Theo de Raadt, were so embarrassed by this that they created a patch fixing the vulnerability in less than 3 hours.
published 2019-12-13 - last edited 2019-12-13
The exploit, published on seclists.org with the title "Local Privilege Escalation in OpenBSD's dynamic loader (CVE-2019-19726)", is quite ingenious and beautiful. The proof-of-concept root exploit tricks the system library loader ld.so into loading what should have been a system library from the current folder. It's worth reading through the proof of concept if you enjoy beautiful and clever exploits.
The security-focused OpenBSD team were so embarrassed that they worked for 3 hours straight to create patches for OpenBSD which fix all the security holes used by this exploit. OpenBSD users should probably upgrade. The creators of the proof-of-concept tested it on OpenBSD 6.6 (current release) as well as 6.5, 6.2 and 6.1, on both amd64 and i386.
This is the second enjoyable security flaw Qualys has found this month, the first being "Authentication vulnerabilities in OpenBSD", published on December 5th. Those vulnerabilities can be used to bypass remote authentication for smtpd, ldapd and even su - but you can't get root using su, only switch users. sshd has its own built-in defenses, so it was not affected. smtpd can be abused to send spam mail, so unpatched OpenBSD mail servers being wide open to attacks is a problem.
You should absolutely make sure your system is up to date if you are using OpenBSD.