CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2024-47191 – oath-toolkit: Local root exploit in a PAM module
https://notcve.org/view.php?id=CVE-2024-47191
04 Oct 2024 — pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink. A vulnerability was found in a PAM module, the oath-toolkit. The module gained a feature that allowed placing the OTP state file, called the usersfile, in the home directory of the to-be-authenticated user. The PAM module performed unsafe file operations in the users' home d... • https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/3235a52f6b87cd1c5da6508f421ac261f5e33a70 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.1EPSS: 0%CPEs: 38EXPL: 0CVE-2013-7322 – Mandriva Linux Security Advisory 2014-061
https://notcve.org/view.php?id=CVE-2013-7322
13 Feb 2014 — usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly handle lines containing an invalid one-time-password (OTP) type and a user name in /etc/users.oath, which causes the wrong line to be updated when invalidating an OTP and allows context-dependent attackers to conduct replay attacks, as demonstrated by a commented out line when using libpam-oath. usersfile.c en liboath en OATH Toolkit anterior a 2.4.1 no maneja debidamente líneas que contienen un tipo one-time-password (OTP) inválido y un ... • http://lists.nongnu.org/archive/html/oath-toolkit-help/2013-12/msg00000.html • CWE-287: Improper Authentication •