An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum(3), sscanf was used without checking for error cases. Instead, the uninitialized variable errstr was checked and in some cases returned success even if sscanf failed. The result was that, instead of reporting that the supplied username or group name did not exist, it would execute the command as root.
References
Link | Resource |
---|---|
https://github.com/slicer69/doas/commit/2f83222829448e5bc4c9391d607ec265a1e06531 | Patch |
https://github.com/slicer69/doas/compare/6.1p1...6.2 | Release Notes |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-10-18T15:41:48
Updated: 2019-10-18T15:41:48
Reserved: 2019-09-03T00:00:00
Link: CVE-2019-15900
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-10-18T16:15:10.257
Modified: 2024-02-16T15:34:01.370
Link: CVE-2019-15900
JSON object: View
Redhat Information
No data.