OpenBSD Security Vulnerabilities
random(3), implemented in lib/libc/stdlib/random.c in OpenBSD, returns 0 on every call once it has been seeded with 0 (srandom(0)), because a zero seed fills the generator's entire state table with zeros and the additive feedback step can never leave that state.
CVSS Score: 9.8 | EPSS Score: 0.009 | Published: 2019-12-10

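Why a zero seed silences the generator, as an added example that is not OpenBSD's random.c: the block below re-implements the classic 4.4BSD additive-feedback generator behind random(3) (degree 31, separation 3, a Park-Miller LCG to fill the table, 310 discarded outputs; glibc's random_r.c has the same structure) and puts it beside a seeding routine that remaps 0 to 1 the way glibc's srandom_r does. The function names, the DISCARD constant and the hardened variant are this example's own; the page does not say how OpenBSD fixed the seeding.

```c
#include <stdint.h>
#include <stdio.h>

#define DEG     31            /* TYPE_3 generator: x^31 + x^3 + 1 */
#define SEP     3
#define DISCARD (10 * DEG)    /* outputs thrown away after seeding */

struct bsd_random {
    uint32_t state[DEG];
    int f, r;                 /* front and rear indices into state */
};

/* One Park-Miller step, x <- 16807 * x mod (2^31 - 1), via Schrage's
 * method so it never overflows 31 bits. Zero is a fixed point. */
static uint32_t park_miller(uint32_t x)
{
    int64_t hi = x / 127773, lo = x % 127773;
    int64_t w = 16807 * lo - 2836 * hi;
    if (w < 0)
        w += 2147483647;
    return (uint32_t)w;
}

/* The additive feedback step: state[f] += state[r], emit the top 31 bits. */
static uint32_t bsd_random_next(struct bsd_random *g)
{
    g->state[g->f] += g->state[g->r];
    uint32_t out = g->state[g->f] >> 1;   /* chuck the least random bit */
    if (++g->f >= DEG) {
        g->f = 0;
        ++g->r;
    } else if (++g->r >= DEG) {
        g->r = 0;
    }
    return out;
}

/* Classic seeding with no special case for 0: the LCG fills the table
 * from state[0], so seed 0 gives an all-zero table, and the recurrence
 * above can never leave the all-zero state. */
static void bsd_srandom(struct bsd_random *g, uint32_t seed)
{
    g->state[0] = seed;
    for (int i = 1; i < DEG; i++)
        g->state[i] = park_miller(g->state[i - 1]);
    g->f = SEP;
    g->r = 0;
    for (int i = 0; i < DISCARD; i++)
        bsd_random_next(g);
}

/* Hardened seeding, assumed for this example: glibc's srandom_r remaps a
 * zero seed to 1. The page does not state what value OpenBSD's fix uses. */
static void hardened_srandom(struct bsd_random *g, uint32_t seed)
{
    bsd_srandom(g, seed == 0 ? 1 : seed);
}

/* 1 if the first n outputs for `seed` are all zero, else 0. */
int seq_is_all_zero(uint32_t seed, int n, int hardened)
{
    struct bsd_random g;
    if (hardened)
        hardened_srandom(&g, seed);
    else
        bsd_srandom(&g, seed);
    for (int i = 0; i < n; i++)
        if (bsd_random_next(&g) != 0)
            return 0;
    return 1;
}

/* First output after seeding; with seed 1 it equals the first value
 * glibc's rand() produces after srand(1). */
uint32_t first_output(uint32_t seed, int hardened)
{
    struct bsd_random g;
    if (hardened)
        hardened_srandom(&g, seed);
    else
        bsd_srandom(&g, seed);
    return bsd_random_next(&g);
}

int main(void)
{
    struct bsd_random g;
    bsd_srandom(&g, 0);
    printf("seed 0, classic : ");
    for (int i = 0; i < 5; i++)
        printf("%u ", bsd_random_next(&g));
    hardened_srandom(&g, 0);
    printf("\nseed 0, hardened: ");
    for (int i = 0; i < 5; i++)
        printf("%u ", bsd_random_next(&g));
    printf("\n");
    return 0;
}
```

The state update is invertible, so a non-zero table never collapses to zero later; the only way to reach the all-zero state is to seed it, which is why the fix belongs in srandom() rather than in random().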
In OpenBSD 6.6, local users can use the su -L option to obtain any login class (often excluding root), because of a logic error in the main function of su/su.c.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2019-12-05

xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group (xlock runs set-group-ID auth) by supplying a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c honours that variable when building the path it passes to dlopen, so an attacker-controlled library is loaded into the privileged process.
CVSS Score: 7.8 | EPSS Score: 0.022 | Published: 2019-12-05

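The failure mode, as an added example that is not xenocara or Mesa code: a program that is set-user-ID or set-group-ID must not let an environment variable choose the directory it hands to dlopen(). The block simulates process credentials so the two checks can be compared offline; the uid-only predicate, the numeric gid used for the auth group and the default driver directory are assumptions for illustration, not values taken from the page, and in a real program the decision comes from issetugid(2) on OpenBSD or getauxval(AT_SECURE) on glibc.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Simulated process credentials; a real program would call
 * getuid()/geteuid()/getgid()/getegid() instead. */
struct creds {
    uid_t uid, euid;
    gid_t gid, egid;
};

/* Assumed default (not from the page), used when no override is allowed. */
#define DEFAULT_DRI_DIR "/usr/X11R6/lib/modules/dri"

/* Weak check: only the user IDs are compared. A set-group-ID program
 * such as xlock (egid == auth, uid == euid) passes, so an unprivileged
 * user's LIBGL_DRIVERS_PATH is honoured and dlopen() loads their library
 * with the auth group's privileges. The exact predicate Mesa used is an
 * assumption here. */
int override_allowed_uid_only(const struct creds *c)
{
    return c->uid == c->euid;
}

/* Set-id aware check: any difference between real and effective IDs,
 * in either the user or the group, disables environment overrides.
 * issetugid(2) on OpenBSD and getauxval(AT_SECURE) on glibc answer the
 * same question and also remember set-id state across exec. */
int override_allowed_setid_aware(const struct creds *c)
{
    return c->uid == c->euid && c->gid == c->egid;
}

/* Pick the directory to dlopen() drivers from. `env_value` stands in for
 * getenv("LIBGL_DRIVERS_PATH"); NULL means the variable is unset. */
const char *driver_dir(const struct creds *c, const char *env_value,
                       int (*allowed)(const struct creds *))
{
    if (env_value != NULL && allowed(c))
        return env_value;
    return DEFAULT_DRI_DIR;
}

int main(void)
{
    /* Constructed scenario: uid 1000 runs a setgid-auth binary
     * (gid 11 is an assumed value for the auth group). */
    struct creds xlock = { 1000, 1000, 1000, 11 };
    const char *evil = "/tmp/attacker-controlled";

    printf("uid-only check -> %s\n",
           driver_dir(&xlock, evil, override_allowed_uid_only));
    printf("set-id aware   -> %s\n",
           driver_dir(&xlock, evil, override_allowed_setid_aware));
    return 0;
}
```

Checking only the user IDs is the recurring mistake in this class of bug: a set-group-ID binary has uid == euid, so it looks unprivileged to that test, while the group it runs as is exactly what the attacker wants.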
libc in OpenBSD 6.6 allows authentication bypass via the username -schallenge, as demonstrated against smtpd, ldapd, and radiusd: the leading hyphen lets the name reach the login_* authentication helper as an option rather than as a user name. The affected code is gen/auth_subr.c and gen/authenticate.c in libc (and login/login.c and xenocara/app/xenodm/greeter/verify.c).
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2019-12-05

OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users who are members of the auth group to become root. This occurs because a member of that group can write root's per-user record into /etc/skey or /var/db/yubikey, and the file is not required to be owned by root.
CVSS Score: 7.8 | EPSS Score: 0.002 | Published: 2019-12-05

The OpenBSD kernel, version 6.5 and earlier, can be forced by a remote peer to build long chains of TCP SACK holes, so that every incoming SACK packet triggers a very expensive call to tcp_sack_option(); this can lead to a denial of service.
CVSS Score: 7.5 | EPSS Score: 0.007 | Published: 2019-08-26

The barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a malicious library, resulting in arbitrary code executing as root.
CVSS Score: 7.8 | EPSS Score: 0.002 | Published: 2019-03-21

tss_alloc in sys/arch/i386/i386/gdt.c in OpenBSD 6.2 and 6.3 allows a local denial of service (system crash) because of incorrect I/O port access control on the i386 architecture.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2018-08-01

A flaw in OpenBSD's implementation of the stack guard page allows attackers to bypass it, resulting in arbitrary code execution via setuid binaries such as /usr/bin/at. This affects OpenBSD 6.1 and possibly earlier versions.
CVSS Score: 9.8 | EPSS Score: 0.054 | Published: 2017-06-19

The OpenBSD qsort() function is recursive and not randomized, so an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This lets attackers consume arbitrary amounts of stack memory and manipulate stack memory to assist arbitrary code execution attacks. This affects OpenBSD 6.1 and possibly earlier versions.
CVSS Score: 6.5 | EPSS Score: 0.18 | Published: 2017-06-19



Shodan ® - All rights reserved