CVE-2024-47191
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-47191
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47191.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-47191
- Related
- Published
- 2024-10-09T05:15:13Z
- Modified
- 2024-10-12T11:31:05.804426Z
- Summary
- [none]
- Details
-
pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink.
- References
-
- https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/3235a52f6b87cd1c5da6508f421ac261f5e33a70
- https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/3271139989fde35ab0163b558fc29e80c3a280e5
- https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/60d9902b5c20f27e70f8e9c816bfdc0467567e1a
- https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/95ef255e6a401949ce3f67609bf8aac2029db418
- https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/43
- https://security.opensuse.org/2024/10/04/oath-toolkit-vulnerability.html
- https://www.nongnu.org/oath-toolkit/security/CVE-2024-47191
- https://www.openwall.com/lists/oss-security/2024/10/04/2
- https://security-tracker.debian.org/tracker/CVE-2024-47191
Affected packages
Debian:12 / oath-toolkit
Package
- Name
- oath-toolkit
- Purl
- pkg:deb/debian/oath-toolkit?arch=source
Debian:13 / oath-toolkit
Package
- Name
- oath-toolkit
- Purl
- pkg:deb/debian/oath-toolkit?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.6.12-1
Git / gitlab.com/oath-toolkit/oath-toolkit
Affected ranges
- Type
- GIT
- Repo
- https://gitlab.com/oath-toolkit/oath-toolkit
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixedFixedFixed
Affected versions
Other
hotp-toolkit-1-0-1
oath-toolkit-1-10-0
oath-toolkit-1-10-1
oath-toolkit-1-10-2
oath-toolkit-1-10-3
oath-toolkit-1-10-4
oath-toolkit-1-10-5
oath-toolkit-1-12-0
oath-toolkit-1-12-1
oath-toolkit-1-12-2
oath-toolkit-1-12-3
oath-toolkit-1-12-4
oath-toolkit-1-12-5
oath-toolkit-1-12-6
oath-toolkit-1-2-0
oath-toolkit-1-2-1
oath-toolkit-1-2-2
oath-toolkit-1-4-0
oath-toolkit-1-4-1
oath-toolkit-1-4-2
oath-toolkit-1-4-3
oath-toolkit-1-4-4
oath-toolkit-1-4-5
oath-toolkit-1-4-6
oath-toolkit-1-6-0
oath-toolkit-1-6-1
oath-toolkit-1-6-2
oath-toolkit-1-6-3
oath-toolkit-1-6-4
oath-toolkit-1-8-0
oath-toolkit-1-8-1
oath-toolkit-1-8-2
oath-toolkit-2-0-0
oath-toolkit-2-0-1
oath-toolkit-2-0-2
oath-toolkit-2-2-0
oath-toolkit-2-4-0
oath-toolkit-2-4-1
oath-toolkit-2-6-0
oath-toolkit-2-6-1
oath-toolkit-2-6-2
oath-toolkit-2-6-3
oath-toolkit-2-6-4
oath-toolkit-2-6-5
oath-toolkit-2-6-6
oath-toolkit-2-6-7
oathtool-1-4-4
oathtool-1-4-5
oath-toolkit-1.*
oath-toolkit-1.10.2
oath-toolkit-1.10.3
oath-toolkit-2.*
oath-toolkit-2.6.10
oath-toolkit-2.6.11
oath-toolkit-2.6.7
oath-toolkit-2.6.8
oath-toolkit-2.6.9
v2.*
v2.6.2