Описание
In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure (serial number of a device) and/or DoS (reaching the maximum number of file descriptors).
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | ignored | end of standard support, was needs-triage |
| cosmic | ignored | end of life |
| devel | not-affected | 2.26-1 |
| disco | not-affected | 2.26-1 |
| eoan | not-affected | 2.26-1 |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | not-affected | 2.26-1 |
| esm-apps/jammy | not-affected | 2.26-1 |
| esm-apps/noble | not-affected | 2.26-1 |
Показывать по
EPSS
6.4 Medium
CVSS2
8.2 High
CVSS3
Связанные уязвимости
In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure (serial number of a device) and/or DoS (reaching the maximum number of file descriptors).
In check_user_token in util.c in the Yubico PAM module (aka pam_yubico ...
In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure (serial number of a device) and/or DoS (reaching the maximum number of file descriptors).
EPSS
6.4 Medium
CVSS2
8.2 High
CVSS3