CVE-2024-47191

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-47191
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47191.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-47191
Downstream
Related
Published
2024-10-09T05:15:13Z
Modified
2025-10-17T12:21:32.895360Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink.

References

Affected packages

Git / gitlab.com/oath-toolkit/oath-toolkit

Affected ranges

Type
GIT
Repo
https://gitlab.com/oath-toolkit/oath-toolkit
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
3235a52f6b87cd1c5da6508f421ac261f5e33a70
Fixed
3271139989fde35ab0163b558fc29e80c3a280e5
Fixed
60d9902b5c20f27e70f8e9c816bfdc0467567e1a
Fixed
95ef255e6a401949ce3f67609bf8aac2029db418

Affected versions

Other

hotp-toolkit-1-0-1
oath-toolkit-1-10-0
oath-toolkit-1-10-1
oath-toolkit-1-10-2
oath-toolkit-1-10-3
oath-toolkit-1-10-4
oath-toolkit-1-10-5
oath-toolkit-1-12-0
oath-toolkit-1-12-1
oath-toolkit-1-12-2
oath-toolkit-1-12-3
oath-toolkit-1-12-4
oath-toolkit-1-12-5
oath-toolkit-1-12-6
oath-toolkit-1-2-0
oath-toolkit-1-2-1
oath-toolkit-1-2-2
oath-toolkit-1-4-0
oath-toolkit-1-4-1
oath-toolkit-1-4-2
oath-toolkit-1-4-3
oath-toolkit-1-4-4
oath-toolkit-1-4-5
oath-toolkit-1-4-6
oath-toolkit-1-6-0
oath-toolkit-1-6-1
oath-toolkit-1-6-2
oath-toolkit-1-6-3
oath-toolkit-1-6-4
oath-toolkit-1-8-0
oath-toolkit-1-8-1
oath-toolkit-1-8-2
oath-toolkit-2-0-0
oath-toolkit-2-0-1
oath-toolkit-2-0-2
oath-toolkit-2-2-0
oath-toolkit-2-4-0
oath-toolkit-2-4-1
oath-toolkit-2-6-0
oath-toolkit-2-6-1
oath-toolkit-2-6-2
oath-toolkit-2-6-3
oath-toolkit-2-6-4
oath-toolkit-2-6-5
oath-toolkit-2-6-6
oath-toolkit-2-6-7
oathtool-1-4-4
oathtool-1-4-5

oath-toolkit-1.*

oath-toolkit-1.10.2
oath-toolkit-1.10.3

oath-toolkit-2.*

oath-toolkit-2.6.10
oath-toolkit-2.6.11
oath-toolkit-2.6.7
oath-toolkit-2.6.8
oath-toolkit-2.6.9

v2.*

v2.6.2

Database specific

vanir_signatures

[
    {
        "id": "CVE-2024-47191-1cd99fbc",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "liboath/usersfile.c",
            "function": "oath_authenticate_usersfile"
        },
        "digest": {
            "function_hash": "125054955870264178810687889690752221970",
            "length": 952.0
        },
        "source": "https://gitlab.com/oath-toolkit/oath-toolkit@60d9902b5c20f27e70f8e9c816bfdc0467567e1a"
    },
    {
        "id": "CVE-2024-47191-63b8a56b",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "liboath/usersfile.c",
            "function": "update_usersfile"
        },
        "digest": {
            "function_hash": "150163475415627145780831233372622081079",
            "length": 1912.0
        },
        "source": "https://gitlab.com/oath-toolkit/oath-toolkit@60d9902b5c20f27e70f8e9c816bfdc0467567e1a"
    },
    {
        "id": "CVE-2024-47191-67835816",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "pam_oath/pam_oath.c"
        },
        "digest": {
            "line_hashes": [
                "118303722128484534829763655044826199820",
                "113750396407888520200423265814822843096",
                "192205521156161072664369892599665425308",
                "250587939673544900646532702394152180191",
                "16577444785971714563791375677823370921",
                "14607612104540372378154204410139244190",
                "182066091048244177114587074548855596849",
                "215404374122972526497467638636625735028",
                "297982287930905698416979719555818143936",
                "55284296392144119260195831427288783119",
                "69099690595760508301862446981101351650",
                "120817687958967094032479205627599015397",
                "157374329403211883771087623990274716291",
                "106095357129078415660026138811944413419",
                "182385000968901722014047492822758553885",
                "55365634476822112744265164094031217162",
                "83209383107059770558321396557224001631",
                "71734868786451371787144613188729725753",
                "170203616653424055582777181962693383272",
                "336087361047998539120287855152552999944",
                "304382038967823919213150713134830339054",
                "134540842428974960574249611175478893586",
                "208635461179115996531600225667077032956",
                "45369572654149848717780697485153569191",
                "64661714366360538115522756694361327754",
                "112055871870454573271165258004789918135",
                "114970903677750122327091532121085730577",
                "217057907718299189835151395394812066023",
                "329102226999494724772557386499992281608",
                "93115686196465329066855251917055504782",
                "58529633996365227363196355905749948795",
                "309170455227378883642288716027478250019",
                "122068963921327377320249754870938883441",
                "305402383358340015338011626571272897104",
                "162375840121274077553642104579431210123",
                "268610487008851323934819936869887638569"
            ],
            "threshold": 0.9
        },
        "source": "https://gitlab.com/oath-toolkit/oath-toolkit@95ef255e6a401949ce3f67609bf8aac2029db418"
    },
    {
        "id": "CVE-2024-47191-6a021342",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "liboath/usersfile.c",
            "function": "update_usersfile"
        },
        "digest": {
            "function_hash": "149950136308806768208460689370762907726",
            "length": 2149.0
        },
        "source": "https://gitlab.com/oath-toolkit/oath-toolkit@3235a52f6b87cd1c5da6508f421ac261f5e33a70"
    },
    {
        "id": "CVE-2024-47191-6ec55e22",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "pam_oath/pam_oath.c",
            "function": "parse_usersfile_str"
        },
        "digest": {
            "function_hash": "335507966447049814185238926324250774943",
            "length": 1710.0
        },
        "source": "https://gitlab.com/oath-toolkit/oath-toolkit@95ef255e6a401949ce3f67609bf8aac2029db418"
    },
    {
        "id": "CVE-2024-47191-8a4e0645",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "pam_oath/pam_oath.c",
            "function": "pam_sm_authenticate"
        },
        "digest": {
            "function_hash": "307168639617190581096523711610506587392",
            "length": 4319.0
        },
        "source": "https://gitlab.com/oath-toolkit/oath-toolkit@60d9902b5c20f27e70f8e9c816bfdc0467567e1a"
    },
    {
        "id": "CVE-2024-47191-9ee4c0de",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "pam_oath/pam_oath.c"
        },
        "digest": {
            "line_hashes": [
                "63328830592474572626055283471493925677",
                "128565006097052610939674930019415914912",
                "196172903755106685320134478317343470076",
                "51441189612312789236976496272157765986",
                "130393951029159609173724525062108234858",
                "224558060176194671403219288017329625950",
                "150797272909165056874863075384496169614",
                "322517342042764005251190109204663070232",
                "67141607314984082648854631073684454486",
                "75349079322159447547565025986032660088",
                "160024789589820681024821762352021861195",
                "49306201606412841008452130857080961450",
                "107249290766096651937046023547870843075",
                "71734868786451371787144613188729725753",
                "170203616653424055582777181962693383272",
                "336087361047998539120287855152552999944",
                "304382038967823919213150713134830339054",
                "62567755991714902376991352630842265692",
                "267386137158390644613873664252477126902",
                "54462751201651164265586516683338044070",
                "161965603491518507529725632821649316272",
                "316707026420753494558299754666425876578",
                "339620478595089829505124405596602929293",
                "96516713770514766103112196321856240827",
                "59202156479327657537142101065511719631",
                "12351231411124172754472608500712838223",
                "89233773585319918384198120804288295847",
                "158792302467923776979869944101737715783",
                "242496389982337509652968937893028416656",
                "222722482670436005982475371626857359109"
            ],
            "threshold": 0.9
        },
        "source": "https://gitlab.com/oath-toolkit/oath-toolkit@60d9902b5c20f27e70f8e9c816bfdc0467567e1a"
    },
    {
        "id": "CVE-2024-47191-a51ceb21",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "liboath/errors.c"
        },
        "digest": {
            "line_hashes": [
                "106534135272604188622357268363575940732",
                "327229284202733781202999752246632506585",
                "305101118003551714491456952308062745896",
                "143587239600720098869710924552878890136"
            ],
            "threshold": 0.9
        },
        "source": "https://gitlab.com/oath-toolkit/oath-toolkit@60d9902b5c20f27e70f8e9c816bfdc0467567e1a"
    },
    {
        "id": "CVE-2024-47191-b78bc9ac",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "pam_oath/pam_oath.c",
            "function": "pam_sm_authenticate"
        },
        "digest": {
            "function_hash": "294403998499269779426444564686397087202",
            "length": 4542.0
        },
        "source": "https://gitlab.com/oath-toolkit/oath-toolkit@95ef255e6a401949ce3f67609bf8aac2029db418"
    },
    {
        "id": "CVE-2024-47191-da276877",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "liboath/usersfile.c"
        },
        "digest": {
            "line_hashes": [
                "77356626730479095668898279924939853202",
                "302995508335471459041341298549478690787",
                "240876910535420676823860347892873898314",
                "198114621910145439209491359272120687101",
                "48152916883247191250956237810440346698",
                "125012177427817774906334562997514313113",
                "152655665641405091550812777229035797463",
                "329228649041995808542369474494889799076",
                "31759426934434862669696141774218108942",
                "187341775745741188330578200796041900707",
                "178334014225582420263931720508299359065",
                "187335175996849028499564390302583624226",
                "83172690927995641433149062700670843081",
                "5100229211810924456112289818708275079",
                "292716962379965076577996299682428405399",
                "13305142197058146338334431399308246998"
            ],
            "threshold": 0.9
        },
        "source": "https://gitlab.com/oath-toolkit/oath-toolkit@60d9902b5c20f27e70f8e9c816bfdc0467567e1a"
    }
]