Description
In OpenDoas from 6.6 to 6.8 the user's PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed the authenticated user to execute specific commands were not affected by this issue.
Scores
CVSS v3: 8.8
EPSS: 0.0102
EPSS Percentile: 77.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-909, CWE-459
Status: published
Products (1): opendoas_project/opendoas, 6.6 - 6.8
Published: Jan 28, 2021
Tracked Since: Feb 18, 2026