CVE-2024-47191

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-47191
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47191.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-47191
Downstream
Related
Published
2024-10-09T05:15:13Z
Modified
2025-09-19T15:09:29.561625Z
Summary
[none]
Details

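pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 (i.e., before 2.6.12) allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, for example by calling fchown in the presence of a symlink. Hosts that load pam_oath.so from a release in that range should move to 2.6.12 or later. The affected-version tag list further down this page also names releases older than 2.6.7, which the range stated here does not cover, and the Events field of the affected range is empty; confirm the affected range against the upstream project before relying on the tag list alone.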

References

Affected packages

Git / gitlab.com/oath-toolkit/oath-toolkit

Affected ranges

Type
GIT
Repo
https://gitlab.com/oath-toolkit/oath-toolkit
Events

Affected versions

Other

hotp-toolkit-1-0-1
oath-toolkit-1-10-0
oath-toolkit-1-10-1
oath-toolkit-1-10-2
oath-toolkit-1-10-3
oath-toolkit-1-10-4
oath-toolkit-1-10-5
oath-toolkit-1-12-0
oath-toolkit-1-12-1
oath-toolkit-1-12-2
oath-toolkit-1-12-3
oath-toolkit-1-12-4
oath-toolkit-1-12-5
oath-toolkit-1-12-6
oath-toolkit-1-2-0
oath-toolkit-1-2-1
oath-toolkit-1-2-2
oath-toolkit-1-4-0
oath-toolkit-1-4-1
oath-toolkit-1-4-2
oath-toolkit-1-4-3
oath-toolkit-1-4-4
oath-toolkit-1-4-5
oath-toolkit-1-4-6
oath-toolkit-1-6-0
oath-toolkit-1-6-1
oath-toolkit-1-6-2
oath-toolkit-1-6-3
oath-toolkit-1-6-4
oath-toolkit-1-8-0
oath-toolkit-1-8-1
oath-toolkit-1-8-2
oath-toolkit-2-0-0
oath-toolkit-2-0-1
oath-toolkit-2-0-2
oath-toolkit-2-2-0
oath-toolkit-2-4-0
oath-toolkit-2-4-1
oath-toolkit-2-6-0
oath-toolkit-2-6-1
oath-toolkit-2-6-2
oath-toolkit-2-6-3
oath-toolkit-2-6-4
oath-toolkit-2-6-5
oath-toolkit-2-6-6
oath-toolkit-2-6-7
oathtool-1-4-4
oathtool-1-4-5

oath-toolkit-1.*

oath-toolkit-1.10.2
oath-toolkit-1.10.3

oath-toolkit-2.*

oath-toolkit-2.6.10
oath-toolkit-2.6.11
oath-toolkit-2.6.7
oath-toolkit-2.6.8
oath-toolkit-2.6.9

v2.*

v2.6.2

Database specific

{
    "vanir_signatures": [
        {
            "digest": {
                "function_hash": "150163475415627145780831233372622081079",
                "length": 1912.0
            },
            "source": "https://gitlab.com/oath-toolkit/oath-toolkit@60d9902b5c20f27e70f8e9c816bfdc0467567e1a",
            "signature_type": "Function",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-47191-63b8a56b",
            "target": {
                "function": "update_usersfile",
                "file": "liboath/usersfile.c"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "118303722128484534829763655044826199820",
                    "113750396407888520200423265814822843096",
                    "192205521156161072664369892599665425308",
                    "250587939673544900646532702394152180191",
                    "16577444785971714563791375677823370921",
                    "14607612104540372378154204410139244190",
                    "182066091048244177114587074548855596849",
                    "215404374122972526497467638636625735028",
                    "297982287930905698416979719555818143936",
                    "55284296392144119260195831427288783119",
                    "69099690595760508301862446981101351650",
                    "120817687958967094032479205627599015397",
                    "157374329403211883771087623990274716291",
                    "106095357129078415660026138811944413419",
                    "182385000968901722014047492822758553885",
                    "55365634476822112744265164094031217162",
                    "83209383107059770558321396557224001631",
                    "71734868786451371787144613188729725753",
                    "170203616653424055582777181962693383272",
                    "336087361047998539120287855152552999944",
                    "304382038967823919213150713134830339054",
                    "134540842428974960574249611175478893586",
                    "208635461179115996531600225667077032956",
                    "45369572654149848717780697485153569191",
                    "64661714366360538115522756694361327754",
                    "112055871870454573271165258004789918135",
                    "114970903677750122327091532121085730577",
                    "217057907718299189835151395394812066023",
                    "329102226999494724772557386499992281608",
                    "93115686196465329066855251917055504782",
                    "58529633996365227363196355905749948795",
                    "309170455227378883642288716027478250019",
                    "122068963921327377320249754870938883441",
                    "305402383358340015338011626571272897104",
                    "162375840121274077553642104579431210123",
                    "268610487008851323934819936869887638569"
                ]
            },
            "source": "https://gitlab.com/oath-toolkit/oath-toolkit@95ef255e6a401949ce3f67609bf8aac2029db418",
            "signature_type": "Line",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-47191-67835816",
            "target": {
                "file": "pam_oath/pam_oath.c"
            }
        },
        {
            "digest": {
                "function_hash": "149950136308806768208460689370762907726",
                "length": 2149.0
            },
            "source": "https://gitlab.com/oath-toolkit/oath-toolkit@3235a52f6b87cd1c5da6508f421ac261f5e33a70",
            "signature_type": "Function",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-47191-6a021342",
            "target": {
                "function": "update_usersfile",
                "file": "liboath/usersfile.c"
            }
        },
        {
            "digest": {
                "function_hash": "335507966447049814185238926324250774943",
                "length": 1710.0
            },
            "source": "https://gitlab.com/oath-toolkit/oath-toolkit@95ef255e6a401949ce3f67609bf8aac2029db418",
            "signature_type": "Function",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-47191-6ec55e22",
            "target": {
                "function": "parse_usersfile_str",
                "file": "pam_oath/pam_oath.c"
            }
        },
        {
            "digest": {
                "function_hash": "307168639617190581096523711610506587392",
                "length": 4319.0
            },
            "source": "https://gitlab.com/oath-toolkit/oath-toolkit@60d9902b5c20f27e70f8e9c816bfdc0467567e1a",
            "signature_type": "Function",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-47191-8a4e0645",
            "target": {
                "function": "pam_sm_authenticate",
                "file": "pam_oath/pam_oath.c"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "63328830592474572626055283471493925677",
                    "128565006097052610939674930019415914912",
                    "196172903755106685320134478317343470076",
                    "51441189612312789236976496272157765986",
                    "130393951029159609173724525062108234858",
                    "224558060176194671403219288017329625950",
                    "150797272909165056874863075384496169614",
                    "322517342042764005251190109204663070232",
                    "67141607314984082648854631073684454486",
                    "75349079322159447547565025986032660088",
                    "160024789589820681024821762352021861195",
                    "49306201606412841008452130857080961450",
                    "107249290766096651937046023547870843075",
                    "71734868786451371787144613188729725753",
                    "170203616653424055582777181962693383272",
                    "336087361047998539120287855152552999944",
                    "304382038967823919213150713134830339054",
                    "62567755991714902376991352630842265692",
                    "267386137158390644613873664252477126902",
                    "54462751201651164265586516683338044070",
                    "161965603491518507529725632821649316272",
                    "316707026420753494558299754666425876578",
                    "339620478595089829505124405596602929293",
                    "96516713770514766103112196321856240827",
                    "59202156479327657537142101065511719631",
                    "12351231411124172754472608500712838223",
                    "89233773585319918384198120804288295847",
                    "158792302467923776979869944101737715783",
                    "242496389982337509652968937893028416656",
                    "222722482670436005982475371626857359109"
                ]
            },
            "source": "https://gitlab.com/oath-toolkit/oath-toolkit@60d9902b5c20f27e70f8e9c816bfdc0467567e1a",
            "signature_type": "Line",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-47191-9ee4c0de",
            "target": {
                "file": "pam_oath/pam_oath.c"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "106534135272604188622357268363575940732",
                    "327229284202733781202999752246632506585",
                    "305101118003551714491456952308062745896",
                    "143587239600720098869710924552878890136"
                ]
            },
            "source": "https://gitlab.com/oath-toolkit/oath-toolkit@60d9902b5c20f27e70f8e9c816bfdc0467567e1a",
            "signature_type": "Line",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-47191-a51ceb21",
            "target": {
                "file": "liboath/errors.c"
            }
        },
        {
            "digest": {
                "function_hash": "294403998499269779426444564686397087202",
                "length": 4542.0
            },
            "source": "https://gitlab.com/oath-toolkit/oath-toolkit@95ef255e6a401949ce3f67609bf8aac2029db418",
            "signature_type": "Function",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-47191-b78bc9ac",
            "target": {
                "function": "pam_sm_authenticate",
                "file": "pam_oath/pam_oath.c"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "322965276451756618292148122576935655099",
                    "85266937329261592520212124652104629584",
                    "83532349512340445367348917840690795910",
                    "68313856654078377990138734391823441398",
                    "328636351465844461494438230384155253952",
                    "307157957787089165024918271740728984199",
                    "45133534365406459624297946571179761858",
                    "252931485689532395321207047365435769336",
                    "172588051765744943962811035129757075597",
                    "29940063419156769373422268911285721917",
                    "26546083752878793403448824990421691421",
                    "158718382682830108003418315942791485728",
                    "74710955409693849829109896333886392822",
                    "67692343683348793288236057074106151110",
                    "8622398509724841161030410023430914496",
                    "264954842459983384211956171702327906167",
                    "113600596426960679420486221450650205456",
                    "84533248811516032045049487580607224602",
                    "217486193975422854174784694670079311774",
                    "133221540393983844828487014428315755345"
                ]
            },
            "source": "https://gitlab.com/oath-toolkit/oath-toolkit@3235a52f6b87cd1c5da6508f421ac261f5e33a70",
            "signature_type": "Line",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-47191-bb3e1ce2",
            "target": {
                "file": "liboath/usersfile.c"
            }
        }
    ]
}