CVE-2019-19726

Name of the Vulnerable Software and Affected Versions OpenBSD versions through 6.6

Description The issue allows local users to escalate to root because a check for LD LIBRARY PATH in setuid programs can be defeated by setting a very small RLIMIT DATA resource limit. When executing chpass or passwd (which are setuid root), dl setup env in ld.so tries to strip LD LIBRARY PATH from the environment, but fails when it cannot allocate memory. Thus, the attacker is able to execute their own library code as root.

Recommendations For OpenBSD versions through 6.6, as a temporary workaround, consider restricting the use of setuid programs such as chpass or passwd until a patch is available. Additionally, setting appropriate RLIMIT DATA resource limits can help mitigate the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.