Beautiful OpenBSD Root Exploit Published
Cloud provider Qualys published a beautiful Local Privilege Escalation exploit for recent versions of OpenBSD on Wednesday the 12th of December. Any regular account can get full root access on a default installation. The OpenBSD developer team, led by Theo de Raadt, was so embarrassed by this that it created a patch fixing the vulnerability in less than 3 hours.
published 2019-12-13 - last edited 2020-01-30
The exploit, published on seclists.org with the title "Local Privilege Escalation in OpenBSD's dynamic loader (CVE-2019-19726)", is quite ingenious and beautiful. The proof-of-concept root exploit tricks the system library loader ld.so into loading what should have been a system library from the current folder. It's worth reading through the proof of concept if you enjoy beautiful and clever exploits.
The security-focused OpenBSD team were so embarrassed that they worked for 3 hours straight to create patches for OpenBSD which fix all the security holes used by this exploit. OpenBSD users should probably upgrade. The creators of the proof-of-concept tested it on OpenBSD 6.6 (current release) as well as 6.5, 6.2 and 6.1 - on both amd64 and i386.
This is the second enjoyable security flaw Qualys has found this month; the first being "Authentication vulnerabilities in OpenBSD" published on December 5th. Those vulnerabilities can be used to bypass remote authentication for smtpd, ldapd and even su - but you can't get root using su, only switch users. sshd has its own built-in defenses so it was also not affected. smtpd can be abused to send spam mail - so unpatched OpenBSD mail servers being wide open to attacks is a problem.
You should absolutely make sure your system is up-to-date if you are using OpenBSD.