What is the vulnerability ID for this OpenBSD vulnerability?

The vulnerability ID for this OpenBSD vulnerability is CVE-2019-19522.

What is the severity rating of CVE-2019-19522?

CVE-2019-19522 has a severity rating of 7.8, which is considered high.

How can local users exploit CVE-2019-19522 to gain root access?

Local users can exploit CVE-2019-19522 to gain root access by leveraging membership in the auth group and writing to root's file in either /etc/skey or /var/db/yubikey.

Is OpenBSD 6.6 the only affected version by this vulnerability?

Yes, OpenBSD 6.6 is the only affected version by this vulnerability.

Where can I find more information about CVE-2019-19522 and its impact?

You can find more information about CVE-2019-19522 and its impact in the following references: [Link 1](http://packetstormsecurity.com/files/155572/Qualys-Security-Advisory-OpenBSD-Authentication-Bypass-Privilege-Escalation.html), [Link 2](http://seclists.org/fulldisclosure/2019/Dec/14), [Link 3](http://www.openwall.com/lists/oss-security/2019/12/04/5)

Vulnerability/
CVE-2019-19522

high

7.8

CWE

732

5/12/2019

24/8/2020

CVE-2019-19522

First published: Thu Dec 05 2019(Updated: )

OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membership in the auth group. This occurs because root's file can be written to /etc/skey or /var/db/yubikey, and need not be owned by root.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Openbsd Openbsd	=6.6

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID for this OpenBSD vulnerability?
The vulnerability ID for this OpenBSD vulnerability is CVE-2019-19522.
What is the severity rating of CVE-2019-19522?
CVE-2019-19522 has a severity rating of 7.8, which is considered high.
How can local users exploit CVE-2019-19522 to gain root access?
Local users can exploit CVE-2019-19522 to gain root access by leveraging membership in the auth group and writing to root's file in either /etc/skey or /var/db/yubikey.
Is OpenBSD 6.6 the only affected version by this vulnerability?
Yes, OpenBSD 6.6 is the only affected version by this vulnerability.
Where can I find more information about CVE-2019-19522 and its impact?
You can find more information about CVE-2019-19522 and its impact in the following references: [Link 1](http://packetstormsecurity.com/files/155572/Qualys-Security-Advisory-OpenBSD-Authentication-Bypass-Privilege-Escalation.html), [Link 2](http://seclists.org/fulldisclosure/2019/Dec/14), [Link 3](http://www.openwall.com/lists/oss-security/2019/12/04/5)

collector/nvd-index
agent/weakness
agent/severity
vendor/openbsd
canonical/openbsd openbsd
version/openbsd openbsd/6.6

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.