CVE-2024-47191
CVE-2024-47191
pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/3235a52f6b87cd1c5da6508f421ac261f5e33a70https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/3271139989fde35ab0163b558fc29e80c3a280e5https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/60d9902b5c20f27e70f8e9c816bfdc0467567e1ahttps://gitlab.com/oath-toolkit/oath-toolkit/-/commit/95ef255e6a401949ce3f67609bf8aac2029db418https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/43https://security.opensuse.org/2024/10/04/oath-toolkit-vulnerability.htmlhttps://www.nongnu.org/oath-toolkit/security/CVE-2024-47191https://www.openwall.com/lists/oss-security/2024/10/04/2http://www.openwall.com/lists/oss-security/2024/10/04/2http://www.openwall.com/lists/oss-security/2024/10/05/1http://www.openwall.com/lists/oss-security/2024/10/08/1http://www.openwall.com/lists/oss-security/2024/10/08/2