Monday, September 28, 03:38

OpenBSD: Security updates for 4 critical vulnerabilities. Update instantly!

OpenBSD has fixed four vulnerabilities, including privilege escalation weaknesses and a remotely exploitable authentication bypass.

OpenBSD is an open source Unix-like operating system based on the Berkeley Software Distribution (BSD) and built with security in mind. On Wednesday, Qualys Research Labs revealed the existence of four vulnerabilities in the operating system.


The vulnerabilities have been named CVE-2019-19522, CVE-2019-19521, CVE-2019-19520 and CVE-2019-19519.

The first flaw, CVE-2019-19521, is an authentication bypass found in the OpenBSD authentication protocol. The operating system relies on BSD Authentication, and if an attacker specifies a particular username, authentication can be made to succeed automatically. The vulnerability is remotely exploitable via smtpd, ldapd and radiusd.

The second flaw, CVE-2019-19520, is a privilege escalation problem caused by a failed check in xlock. An attacker with local access to OpenBSD can gain the privileges of the set-group-ID "auth" group via xlock, which is installed by default.

CVE-2019-19522, the third flaw, is another privilege escalation problem, found in the "S/Key" and "YubiKey" authentication types.

If the S/Key or YubiKey authentication type is enabled (both are installed by default but are disabled), a local attacker can use the rights of the "auth" group to gain full root privileges.

To gain "auth" privileges, attackers can first exploit CVE-2019-19520 as part of an attack chain.

The fourth and last vulnerability, CVE-2019-19519, was found in "su". Local attackers can take advantage of su's "-L" option, a loop that continues until a correct username and password combination is entered, to log in as themselves but with a different login class.

OpenBSD developers recognized the issues and managed to develop and publish security updates in less than 40 hours.

The patches are available to download. Users of OpenBSD 6.5 and OpenBSD 6.6 should update their systems to remain protected.

