CVE-2019-19520
HIGH
OpenBSD 6.6 - Privilege Escalation via LIBGL_DRIVERS_PATH Environment Variable
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2019-19520. PoCs published by retrymp3.
AI-analyzed exploit summary: This repository contains a functional privilege escalation exploit for OpenBSD targeting CVE-2019-19520 and CVE-2019-19522. It leverages the xlock binary's SGID 'auth' group vulnerability to escalate privileges to root via S/Key or YubiKey manipulation.
Description
xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen.
Scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H