CVE-2024-47191

Published: 09 Oct 2024
Source: debian
EPSS: Low

Description

pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink.

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| oath-toolkit | fixed | 2.6.12-1 | | package |
| oath-toolkit | not-affected | | bullseye | package |

Notes

  • https://www.openwall.com/lists/oss-security/2024/10/04/2

  • https://security.opensuse.org/2024/10/04/oath-toolkit-vulnerability.html

  • https://www.nongnu.org/oath-toolkit/security/CVE-2024-47191/

  • Introduced with: https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/60d9902b5c20f27e70f8e9c816bfdc0467567e1a (oath-toolkit-2.6.7)

  • Fixed by: https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/3235a52f6b87cd1c5da6508f421ac261f5e33a70 (oath-toolkit-2.6.12)

  • Fixed by: https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/3271139989fde35ab0163b558fc29e80c3a280e5 (oath-toolkit-2.6.12)

  • Fixed by: https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/95ef255e6a401949ce3f67609bf8aac2029db418 (oath-toolkit-2.6.12)

EPSS

Percentile: 13%
0.00042
Low

Related vulnerabilities

CVSS3: 7.1
ubuntu
more than 1 year ago

pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink.

CVSS3: 7.1
redhat
more than 1 year ago

pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink.

CVSS3: 7.1
nvd
more than 1 year ago

pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink.

CVSS3: 7.1
msrc
more than 1 year ago

No description available

CVSS3: 7.1
github
more than 1 year ago

pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink.
