OpenBSD Fixes Authentication Bypass Flaw and Other Severe Bugs

• Multiple bugs were reported in the Unix-like open-source operating system, OpenBSD.
• Out of these, the most critical one was the authentication bypass vulnerability that was remotely exploitable.

OpenBSD is an operating system that is known for its security protections. Earlier this week, researchers from Qualys Research Labs reported four vulnerabilities in the operating system.

Authentication bypass vulnerability

Tracked as CVE-2019-19521, this authentication bypass vulnerability in the operating system.

• The operating system uses BSD Authentication which enables the use of passwords.
• If an attacker specifies a username in a specific format, the authentication could be forced because of the vulnerability.
• Through smtpd, ldapd, and radiusd, the vulnerability can be remotely exploited.

The security advisory says, “If an attacker specifies a username of the form "-option", they can influence the behavior of the authentication program in unexpected ways.”

Other bugs

Apart from this authentication bypass flaw, a local privilege escalation problem tracked as CVE-2019-19520 was also fixed.

• This flaw allowed attackers to obtain privileges of set-group-ID "auth" through xlock, if the attacker previously had local access to OpenBSD. The flaw is said to be because of a failed check in xlock.
• Yet another local privilege escalation vulnerability, CVE-2019-19522, was also fixed. This flaw existed in the S/Key or YubiKey functions.
• Another vulnerability, CVE-2019-19519, that existed in the ‘su’ function was also patched.

Worth noting

The fixes were reported to have been developed and rolled out in less than 40 hours by the OpenBSD team. OpenBSD 6.5 and OpenBSD 6.6 are recommended to install the security patches available.