pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 (that is, before 2.6.12) allows privilege escalation to root: in the context of PAM code running as root, the module mishandles access to the usersfile, for example by calling fchown in the presence of a symlink.
{ "vanir_signatures": [ { "digest": { "function_hash": "150163475415627145780831233372622081079", "length": 1912.0 }, "source": "https://gitlab.com/oath-toolkit/oath-toolkit@60d9902b5c20f27e70f8e9c816bfdc0467567e1a", "signature_type": "Function", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-47191-63b8a56b", "target": { "function": "update_usersfile", "file": "liboath/usersfile.c" } }, { "digest": { "threshold": 0.9, "line_hashes": [ "118303722128484534829763655044826199820", "113750396407888520200423265814822843096", "192205521156161072664369892599665425308", "250587939673544900646532702394152180191", "16577444785971714563791375677823370921", "14607612104540372378154204410139244190", "182066091048244177114587074548855596849", "215404374122972526497467638636625735028", "297982287930905698416979719555818143936", "55284296392144119260195831427288783119", "69099690595760508301862446981101351650", "120817687958967094032479205627599015397", "157374329403211883771087623990274716291", "106095357129078415660026138811944413419", "182385000968901722014047492822758553885", "55365634476822112744265164094031217162", "83209383107059770558321396557224001631", "71734868786451371787144613188729725753", "170203616653424055582777181962693383272", "336087361047998539120287855152552999944", "304382038967823919213150713134830339054", "134540842428974960574249611175478893586", "208635461179115996531600225667077032956", "45369572654149848717780697485153569191", "64661714366360538115522756694361327754", "112055871870454573271165258004789918135", "114970903677750122327091532121085730577", "217057907718299189835151395394812066023", "329102226999494724772557386499992281608", "93115686196465329066855251917055504782", "58529633996365227363196355905749948795", "309170455227378883642288716027478250019", "122068963921327377320249754870938883441", "305402383358340015338011626571272897104", "162375840121274077553642104579431210123", "268610487008851323934819936869887638569" ] }, 
"source": "https://gitlab.com/oath-toolkit/oath-toolkit@95ef255e6a401949ce3f67609bf8aac2029db418", "signature_type": "Line", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-47191-67835816", "target": { "file": "pam_oath/pam_oath.c" } }, { "digest": { "function_hash": "149950136308806768208460689370762907726", "length": 2149.0 }, "source": "https://gitlab.com/oath-toolkit/oath-toolkit@3235a52f6b87cd1c5da6508f421ac261f5e33a70", "signature_type": "Function", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-47191-6a021342", "target": { "function": "update_usersfile", "file": "liboath/usersfile.c" } }, { "digest": { "function_hash": "335507966447049814185238926324250774943", "length": 1710.0 }, "source": "https://gitlab.com/oath-toolkit/oath-toolkit@95ef255e6a401949ce3f67609bf8aac2029db418", "signature_type": "Function", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-47191-6ec55e22", "target": { "function": "parse_usersfile_str", "file": "pam_oath/pam_oath.c" } }, { "digest": { "function_hash": "307168639617190581096523711610506587392", "length": 4319.0 }, "source": "https://gitlab.com/oath-toolkit/oath-toolkit@60d9902b5c20f27e70f8e9c816bfdc0467567e1a", "signature_type": "Function", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-47191-8a4e0645", "target": { "function": "pam_sm_authenticate", "file": "pam_oath/pam_oath.c" } }, { "digest": { "threshold": 0.9, "line_hashes": [ "63328830592474572626055283471493925677", "128565006097052610939674930019415914912", "196172903755106685320134478317343470076", "51441189612312789236976496272157765986", "130393951029159609173724525062108234858", "224558060176194671403219288017329625950", "150797272909165056874863075384496169614", "322517342042764005251190109204663070232", "67141607314984082648854631073684454486", "75349079322159447547565025986032660088", "160024789589820681024821762352021861195", "49306201606412841008452130857080961450", 
"107249290766096651937046023547870843075", "71734868786451371787144613188729725753", "170203616653424055582777181962693383272", "336087361047998539120287855152552999944", "304382038967823919213150713134830339054", "62567755991714902376991352630842265692", "267386137158390644613873664252477126902", "54462751201651164265586516683338044070", "161965603491518507529725632821649316272", "316707026420753494558299754666425876578", "339620478595089829505124405596602929293", "96516713770514766103112196321856240827", "59202156479327657537142101065511719631", "12351231411124172754472608500712838223", "89233773585319918384198120804288295847", "158792302467923776979869944101737715783", "242496389982337509652968937893028416656", "222722482670436005982475371626857359109" ] }, "source": "https://gitlab.com/oath-toolkit/oath-toolkit@60d9902b5c20f27e70f8e9c816bfdc0467567e1a", "signature_type": "Line", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-47191-9ee4c0de", "target": { "file": "pam_oath/pam_oath.c" } }, { "digest": { "threshold": 0.9, "line_hashes": [ "106534135272604188622357268363575940732", "327229284202733781202999752246632506585", "305101118003551714491456952308062745896", "143587239600720098869710924552878890136" ] }, "source": "https://gitlab.com/oath-toolkit/oath-toolkit@60d9902b5c20f27e70f8e9c816bfdc0467567e1a", "signature_type": "Line", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-47191-a51ceb21", "target": { "file": "liboath/errors.c" } }, { "digest": { "function_hash": "294403998499269779426444564686397087202", "length": 4542.0 }, "source": "https://gitlab.com/oath-toolkit/oath-toolkit@95ef255e6a401949ce3f67609bf8aac2029db418", "signature_type": "Function", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-47191-b78bc9ac", "target": { "function": "pam_sm_authenticate", "file": "pam_oath/pam_oath.c" } }, { "digest": { "threshold": 0.9, "line_hashes": [ "322965276451756618292148122576935655099", 
"85266937329261592520212124652104629584", "83532349512340445367348917840690795910", "68313856654078377990138734391823441398", "328636351465844461494438230384155253952", "307157957787089165024918271740728984199", "45133534365406459624297946571179761858", "252931485689532395321207047365435769336", "172588051765744943962811035129757075597", "29940063419156769373422268911285721917", "26546083752878793403448824990421691421", "158718382682830108003418315942791485728", "74710955409693849829109896333886392822", "67692343683348793288236057074106151110", "8622398509724841161030410023430914496", "264954842459983384211956171702327906167", "113600596426960679420486221450650205456", "84533248811516032045049487580607224602", "217486193975422854174784694670079311774", "133221540393983844828487014428315755345" ] }, "source": "https://gitlab.com/oath-toolkit/oath-toolkit@3235a52f6b87cd1c5da6508f421ac261f5e33a70", "signature_type": "Line", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-47191-bb3e1ce2", "target": { "file": "liboath/usersfile.c" } } ] }