AZL-50121

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-50121.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-50121

Upstream

CVE-2024-47191

Published

2024-10-09T05:15:13Z

Modified

2026-04-01T05:17:29.064765Z

Summary

CVE-2024-47191 affecting package oath-toolkit for versions less than 2.6.7-3

Details

pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-47191

Affected packages

Azure Linux:2 / oath-toolkit

Package

Name: oath-toolkit
Purl: pkg:rpm/azure-linux/oath-toolkit

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.6.7-3

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-50121.json"