PT-2023-21661 · Opendoas+1

Published: 2023-03-14 · Updated: 2023-03-21 · CVE-2023-28339

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: OpenDoas versions 6.8.2 and earlier

Description: The issue allows privilege escalation because a command run through doas shares its terminal with the original session; when the TIOCSTI ioctl is available, input can be injected into that shared terminal. TIOCSTI is unavailable in OpenBSD 6.0 and later, and can be made unavailable in the Linux kernel 6.2 and later.

Recommendations: For OpenDoas versions 6.8.2 and earlier, consider disabling the use of TIOCSTI to minimize the risk of exploitation until a patch is available. Restrict access to terminals that may be shared with the original session to prevent privilege escalation.
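The recommendation above to disable TIOCSTI on Linux 6.2 and later maps to the kernel's dev.tty.legacy_tiocsti sysctl (introduced with the CONFIG_LEGACY_TIOCSTI build option in 6.2). The following POSIX sh script is an added example written for this advisory, not code from the OpenDoas project; it reports whether that mitigation is in place on a host. The path argument defaults to the real sysctl file and is only parameterized so the check can be exercised against a constructed file.

```shell
#!/bin/sh
# Added example (not part of the advisory or of OpenDoas): report whether the
# legacy TIOCSTI ioctl is disabled on a Linux 6.2+ host.
#
# Linux 6.2 added the sysctl dev.tty.legacy_tiocsti (exposed in /proc as
# /proc/sys/dev/tty/legacy_tiocsti): 0 means the ioctl is refused, 1 means it
# is allowed. On older kernels the file does not exist and TIOCSTI is always
# available; on kernels built without CONFIG_LEGACY_TIOCSTI the file is also
# absent but the ioctl is gone entirely. This script cannot tell those two
# cases apart from the sysctl alone, so both are reported as "unknown".

# Prints one of: disabled, enabled, unknown. Always returns 0 so it can be
# used safely inside command substitution under "set -e".
tiocsti_status() {
    sysctl_file="${1:-/proc/sys/dev/tty/legacy_tiocsti}"
    if [ ! -r "$sysctl_file" ]; then
        echo "unknown"
        return 0
    fi
    # Trailing newline is stripped by the command substitution.
    value=$(cat "$sysctl_file")
    case "$value" in
        0) echo "disabled" ;;
        1) echo "enabled" ;;
        *) echo "unknown" ;;
    esac
    return 0
}

# Exit status 0 only when the kernel knob is present and set to 0, i.e. the
# mitigation the advisory recommends is confirmed in place. Useful in
# compliance scripts: "tiocsti_check || echo 'TIOCSTI still available'".
tiocsti_check() {
    [ "$(tiocsti_status "$1")" = "disabled" ]
}

# Stand-alone use: print the status of the running host (or of the file
# given as the first argument).
tiocsti_status "$@"
```

Note that the sysctl only covers the Linux 6.2+ part of the recommendation; on a kernel that reports "unknown" the other measures (restricting access to terminals shared with the original session, upgrading OpenDoas) still apply.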

Exploit

Fix

Weakness Enumeration: Improper Privilege Management

Related Identifiers: CVE-2023-28339

Affected Products: Debian, Opendoas