Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2019-12209

Опубликовано: 04 июн. 2019
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 5
CVSS3: 7.5

Описание

Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is enabled in the PAM configuration, part of the file contents of a symlink target will be logged, possibly revealing sensitive information.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needed
cosmic

ignored

end of life
devel

not-affected

1.0.8-1
disco

ignored

end of life
eoan

not-affected

1.0.8-1
esm-apps/bionic

not-affected

vulnerable code not present
esm-apps/focal

not-affected

1.0.8-1
esm-apps/jammy

not-affected

1.0.8-1
esm-apps/noble

not-affected

1.0.8-1
esm-apps/xenial

not-affected

vulnerable code not present

Показывать по

Ссылки на источники

EPSS

Процентиль: 70%
0.00629
Низкий

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2019-12209

CVSS3: 7.5
nvd
больше 6 лет назад

Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is enabled in the PAM configuration, part of the file contents of a symlink target will be logged, possibly revealing sensitive information.

debian логотип

CVE-2019-12209

CVSS3: 7.5
debian
больше 6 лет назад

Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (defa ...

github логотип

GHSA-cf2r-5chq-jmm8

CVSS3: 7.5
github
больше 3 лет назад

Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is enabled in the PAM configuration, part of the file contents of a symlink target will be logged, possibly revealing sensitive information.

fstec логотип

BDU:2019-02526

CVSS3: 7.5
fstec
больше 6 лет назад

Уязвимость файла аутентификации $HOME/.config/Yubico/u2f_keys PAM-модуля Yubico pam-u2f, позволяющая нарушителю раскрыть защищаемую информацию

suse-cvrf логотип

openSUSE-SU-2019:1725-1

suse-cvrf
больше 6 лет назад

Security update for libu2f-host, pam_u2f

EPSS

Процентиль: 70%
0.00629
Низкий

5 Medium

CVSS2

7.5 High

CVSS3