Rapid7 Vulnerability & Exploit Database

Alpine Linux: CVE-2019-25016: Vulnerability in main/doas affecting all releases

Back to Search

Alpine Linux: CVE-2019-25016: Vulnerability in main/doas affecting all releases

Severity
7
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published
01/28/2021
Created
01/29/2021
Added
01/29/2021
Modified
02/04/2021

Description

In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed to authenticated user to execute specific commands were not affected by this issue.

Solution(s)

  • alpine-linux-upgrade-doas

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;