Vulnerabilities > CVE-2023-28339 - Unspecified vulnerability in Opendoas Project Opendoas

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

opendoas-project

NVD

Published: 2023-03-14

Updated: 2023-03-21

Summary

OpenDoas through 6.8.2, when TIOCSTI is available, allows privilege escalation because of sharing a terminal with the original session. NOTE: TIOCSTI is unavailable in OpenBSD 6.0 and later, and can be made unavailable in the Linux kernel 6.2 and later.

Vulnerable Configurations

Part	Description	Count
Application	Opendoas_Project Opendoas Project Opendoas - Opendoas Project Opendoas 0.1 Opendoas Project Opendoas 0.2 Opendoas Project Opendoas 0.3 Opendoas Project Opendoas 0.3.1 Opendoas Project Opendoas 0.3.2 Opendoas Project Opendoas 6.0 Opendoas Project Opendoas 6.6 Opendoas Project Opendoas 6.6.1 Opendoas Project Opendoas 6.8 Opendoas Project Opendoas 6.8.1 Opendoas Project Opendoas 6.8.2	12

References

https://github.com/Duncaen/OpenDoas/issues/106