CVE-2024-47191
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-47191
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47191.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-47191
- Downstream
- Related
- Published
- 2024-10-09T05:15:13Z
- Modified
- 2025-09-19T15:09:29.561625Z
- Summary
- [none]
- Details
-
pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink.
- References
-
- https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/3235a52f6b87cd1c5da6508f421ac261f5e33a70
- https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/3271139989fde35ab0163b558fc29e80c3a280e5
- https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/60d9902b5c20f27e70f8e9c816bfdc0467567e1a
- https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/95ef255e6a401949ce3f67609bf8aac2029db418
- https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/43
- https://security.opensuse.org/2024/10/04/oath-toolkit-vulnerability.html
- https://www.nongnu.org/oath-toolkit/security/CVE-2024-47191
- https://www.openwall.com/lists/oss-security/2024/10/04/2
- http://www.openwall.com/lists/oss-security/2024/10/04/2
- http://www.openwall.com/lists/oss-security/2024/10/05/1
- http://www.openwall.com/lists/oss-security/2024/10/08/1
- http://www.openwall.com/lists/oss-security/2024/10/08/2
- http://www.openwall.com/lists/oss-security/2024/10/08/4
- http://www.openwall.com/lists/oss-security/2024/10/15/7
- http://www.openwall.com/lists/oss-security/2024/10/17/1
- http://www.openwall.com/lists/oss-security/2024/10/18/1
- http://www.openwall.com/lists/oss-security/2024/10/18/2
Affected packages
Git / gitlab.com/oath-toolkit/oath-toolkit
Affected ranges
- Type
- GIT
- Repo
- https://gitlab.com/oath-toolkit/oath-toolkit
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixedFixedFixed
Affected versions
Other
hotp-toolkit-1-0-1
oath-toolkit-1-10-0
oath-toolkit-1-10-1
oath-toolkit-1-10-2
oath-toolkit-1-10-3
oath-toolkit-1-10-4
oath-toolkit-1-10-5
oath-toolkit-1-12-0
oath-toolkit-1-12-1
oath-toolkit-1-12-2
oath-toolkit-1-12-3
oath-toolkit-1-12-4
oath-toolkit-1-12-5
oath-toolkit-1-12-6
oath-toolkit-1-2-0
oath-toolkit-1-2-1
oath-toolkit-1-2-2
oath-toolkit-1-4-0
oath-toolkit-1-4-1
oath-toolkit-1-4-2
oath-toolkit-1-4-3
oath-toolkit-1-4-4
oath-toolkit-1-4-5
oath-toolkit-1-4-6
oath-toolkit-1-6-0
oath-toolkit-1-6-1
oath-toolkit-1-6-2
oath-toolkit-1-6-3
oath-toolkit-1-6-4
oath-toolkit-1-8-0
oath-toolkit-1-8-1
oath-toolkit-1-8-2
oath-toolkit-2-0-0
oath-toolkit-2-0-1
oath-toolkit-2-0-2
oath-toolkit-2-2-0
oath-toolkit-2-4-0
oath-toolkit-2-4-1
oath-toolkit-2-6-0
oath-toolkit-2-6-1
oath-toolkit-2-6-2
oath-toolkit-2-6-3
oath-toolkit-2-6-4
oath-toolkit-2-6-5
oath-toolkit-2-6-6
oath-toolkit-2-6-7
oathtool-1-4-4
oathtool-1-4-5
oath-toolkit-1.*
oath-toolkit-1.10.2
oath-toolkit-1.10.3
oath-toolkit-2.*
oath-toolkit-2.6.10
oath-toolkit-2.6.11
oath-toolkit-2.6.7
oath-toolkit-2.6.8
oath-toolkit-2.6.9
v2.*
v2.6.2
Database specific
{
"vanir_signatures": [
{
"digest": {
"function_hash": "150163475415627145780831233372622081079",
"length": 1912.0
},
"source": "https://gitlab.com/oath-toolkit/oath-toolkit@60d9902b5c20f27e70f8e9c816bfdc0467567e1a",
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2024-47191-63b8a56b",
"target": {
"function": "update_usersfile",
"file": "liboath/usersfile.c"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"118303722128484534829763655044826199820",
"113750396407888520200423265814822843096",
"192205521156161072664369892599665425308",
"250587939673544900646532702394152180191",
"16577444785971714563791375677823370921",
"14607612104540372378154204410139244190",
"182066091048244177114587074548855596849",
"215404374122972526497467638636625735028",
"297982287930905698416979719555818143936",
"55284296392144119260195831427288783119",
"69099690595760508301862446981101351650",
"120817687958967094032479205627599015397",
"157374329403211883771087623990274716291",
"106095357129078415660026138811944413419",
"182385000968901722014047492822758553885",
"55365634476822112744265164094031217162",
"83209383107059770558321396557224001631",
"71734868786451371787144613188729725753",
"170203616653424055582777181962693383272",
"336087361047998539120287855152552999944",
"304382038967823919213150713134830339054",
"134540842428974960574249611175478893586",
"208635461179115996531600225667077032956",
"45369572654149848717780697485153569191",
"64661714366360538115522756694361327754",
"112055871870454573271165258004789918135",
"114970903677750122327091532121085730577",
"217057907718299189835151395394812066023",
"329102226999494724772557386499992281608",
"93115686196465329066855251917055504782",
"58529633996365227363196355905749948795",
"309170455227378883642288716027478250019",
"122068963921327377320249754870938883441",
"305402383358340015338011626571272897104",
"162375840121274077553642104579431210123",
"268610487008851323934819936869887638569"
]
},
"source": "https://gitlab.com/oath-toolkit/oath-toolkit@95ef255e6a401949ce3f67609bf8aac2029db418",
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2024-47191-67835816",
"target": {
"file": "pam_oath/pam_oath.c"
}
},
{
"digest": {
"function_hash": "149950136308806768208460689370762907726",
"length": 2149.0
},
"source": "https://gitlab.com/oath-toolkit/oath-toolkit@3235a52f6b87cd1c5da6508f421ac261f5e33a70",
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2024-47191-6a021342",
"target": {
"function": "update_usersfile",
"file": "liboath/usersfile.c"
}
},
{
"digest": {
"function_hash": "335507966447049814185238926324250774943",
"length": 1710.0
},
"source": "https://gitlab.com/oath-toolkit/oath-toolkit@95ef255e6a401949ce3f67609bf8aac2029db418",
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2024-47191-6ec55e22",
"target": {
"function": "parse_usersfile_str",
"file": "pam_oath/pam_oath.c"
}
},
{
"digest": {
"function_hash": "307168639617190581096523711610506587392",
"length": 4319.0
},
"source": "https://gitlab.com/oath-toolkit/oath-toolkit@60d9902b5c20f27e70f8e9c816bfdc0467567e1a",
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2024-47191-8a4e0645",
"target": {
"function": "pam_sm_authenticate",
"file": "pam_oath/pam_oath.c"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"63328830592474572626055283471493925677",
"128565006097052610939674930019415914912",
"196172903755106685320134478317343470076",
"51441189612312789236976496272157765986",
"130393951029159609173724525062108234858",
"224558060176194671403219288017329625950",
"150797272909165056874863075384496169614",
"322517342042764005251190109204663070232",
"67141607314984082648854631073684454486",
"75349079322159447547565025986032660088",
"160024789589820681024821762352021861195",
"49306201606412841008452130857080961450",
"107249290766096651937046023547870843075",
"71734868786451371787144613188729725753",
"170203616653424055582777181962693383272",
"336087361047998539120287855152552999944",
"304382038967823919213150713134830339054",
"62567755991714902376991352630842265692",
"267386137158390644613873664252477126902",
"54462751201651164265586516683338044070",
"161965603491518507529725632821649316272",
"316707026420753494558299754666425876578",
"339620478595089829505124405596602929293",
"96516713770514766103112196321856240827",
"59202156479327657537142101065511719631",
"12351231411124172754472608500712838223",
"89233773585319918384198120804288295847",
"158792302467923776979869944101737715783",
"242496389982337509652968937893028416656",
"222722482670436005982475371626857359109"
]
},
"source": "https://gitlab.com/oath-toolkit/oath-toolkit@60d9902b5c20f27e70f8e9c816bfdc0467567e1a",
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2024-47191-9ee4c0de",
"target": {
"file": "pam_oath/pam_oath.c"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"106534135272604188622357268363575940732",
"327229284202733781202999752246632506585",
"305101118003551714491456952308062745896",
"143587239600720098869710924552878890136"
]
},
"source": "https://gitlab.com/oath-toolkit/oath-toolkit@60d9902b5c20f27e70f8e9c816bfdc0467567e1a",
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2024-47191-a51ceb21",
"target": {
"file": "liboath/errors.c"
}
},
{
"digest": {
"function_hash": "294403998499269779426444564686397087202",
"length": 4542.0
},
"source": "https://gitlab.com/oath-toolkit/oath-toolkit@95ef255e6a401949ce3f67609bf8aac2029db418",
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2024-47191-b78bc9ac",
"target": {
"function": "pam_sm_authenticate",
"file": "pam_oath/pam_oath.c"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"322965276451756618292148122576935655099",
"85266937329261592520212124652104629584",
"83532349512340445367348917840690795910",
"68313856654078377990138734391823441398",
"328636351465844461494438230384155253952",
"307157957787089165024918271740728984199",
"45133534365406459624297946571179761858",
"252931485689532395321207047365435769336",
"172588051765744943962811035129757075597",
"29940063419156769373422268911285721917",
"26546083752878793403448824990421691421",
"158718382682830108003418315942791485728",
"74710955409693849829109896333886392822",
"67692343683348793288236057074106151110",
"8622398509724841161030410023430914496",
"264954842459983384211956171702327906167",
"113600596426960679420486221450650205456",
"84533248811516032045049487580607224602",
"217486193975422854174784694670079311774",
"133221540393983844828487014428315755345"
]
},
"source": "https://gitlab.com/oath-toolkit/oath-toolkit@3235a52f6b87cd1c5da6508f421ac261f5e33a70",
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2024-47191-bb3e1ce2",
"target": {
"file": "liboath/usersfile.c"
}
}
]
}