xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen.
References
Configurations
History
No history.
Information
Published : 2019-12-05 00:15
Updated : 2024-11-21 04:34
NVD link : CVE-2019-19520
Mitre link : CVE-2019-19520
CVE.ORG link : CVE-2019-19520
JSON object : View
Products Affected
openbsd
- openbsd
CWE
CWE-863
Incorrect Authorization