Uninitialized Variable in Slicer69 doas Allows Command Execution as Root

Uninitialized Variable in Slicer69 doas Allows Command Execution as Root

CVE-2019-15900 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum(3), sscanf was used without checking for error cases. Instead, the uninitialized variable errstr was checked and in some cases returned success even if sscanf failed. The result was that, instead of reporting that the supplied username or group name did not exist, it would execute the command as root.

Learn more about our User Device Pen Test.