CVE-2023-28339

Published: Mar 14, 2023Modified: Feb 27, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

OpenDoas through 6.8.2, when TIOCSTI is available, allows privilege escalation because of sharing a terminal with the original session. NOTE: TIOCSTI is unavailable in OpenBSD 6.0 and later, and can be made unavailable in the Linux kernel 6.2 and later.

Affected (1)

Products: Opendoas Project: Opendoas

Opendoas Project

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Opendoas Project Opendoas	Up to 6.8.2

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (3)

https://github.com/Duncaen/OpenDoas/issues/106

Source: cve@mitre.org

Issue Tracking

https://github.com/Duncaen/OpenDoas/issues/106

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://github.com/Duncaen/OpenDoas/issues/106

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Issue Tracking

Timeline

No history available yet.