8 matches found
CVE-2019-15901
An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. A setusercontext3 call with flags to change the UID, primary GID, and secondary GIDs was replaced on certain platforms: Linux and possibly NetBSD with a single setuid2 call. This resulted in neither...
CVE-2019-15900
An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum3, sscanf was used without checking for error cases. Instead, the uninitialized variable errstr was checked and in some cases returned success even if sscanf failed. The resul...
Unspecified vulnerability in slicer69 doas
slicer69 doas is a utility program used on the OpenBSD platform to execute privileged commands for Root users. A security vulnerability exists in slicer69 doas versions prior to 6.2, which can be exploited by an attacker to execute commands with root privileges...
CVE-2019-15900
An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum3, sscanf was used without checking for error cases. Instead, the uninitialized variable errstr was checked and in some cases returned success even if sscanf failed. The resul...
CVE-2019-15901
An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. A setusercontext3 call with flags to change the UID, primary GID, and secondary GIDs was replaced on certain platforms: Linux and possibly NetBSD with a single setuid2 call. This resulted in neither...
Command injection
An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum3, sscanf was used without checking for error cases. Instead, the uninitialized variable errstr was checked and in some cases returned success even if sscanf failed. The resul...
CVE-2019-15901
The CVE concerns slicer69 doas prior to 6.2 on non-OpenBSD platforms (Linux, possibly NetBSD). A setusercontext(3) call intended to adjust UID, primary GID, and secondary GIDs was replaced with a single setuid(2) call. As a result, the group ID is not changed and secondary group IDs are not initi...
PT-2019-14463 · Slicer69 · Slicer69 Doas
Name of the Vulnerable Software and Affected Versions: slicer69 doas versions prior to 6.2 Description: An issue was discovered in slicer69 doas where sscanf was used without checking for error cases on platforms without strtonum3. The uninitialized variable errstr was checked, and in some cases,...