Security Bulletin: IBM Storage Ceph is vulnerable to Path Traversal in oath-toolkit (CVE-2024-47191)
Summary: oath-toolkit is used by IBM Storage Ceph for metrics and authentication (CVE-2024-47191). This bulletin identifies the steps to take to address the vulnerability in IBM Storage Ceph. Vulnerability Details: CVEID: CVE-2024-47191. DESCRIPTION: pamoath.so in oath-toolkit 2.6.7 through 2.6.11 befo...
TencentOS Server 4: oath-toolkit (TSSA-2024:0674)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0674 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Azure Linux 3.0 Security Update: oath-toolkit (CVE-2024-47191)
The version of oath-toolkit installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-47191 advisory. - pamoath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because...
GLSA-202412-11 : OATH Toolkit: Privilege Escalation
The remote host is affected by the vulnerability described in GLSA-202412-11 (OATH Toolkit: Privilege Escalation). A vulnerability has been discovered in OATH Toolkit. Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly from t...
Mageia: Security Advisory (MGASA-2024-0335)
The remote host is missing an update for the...
MGASA-2024-0335 Updated oath-toolkit packages fix security vulnerability
pamoath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink. CVE-2024-47191...
Fedora 40 : oath-toolkit (2024-cb2e1f0168)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-cb2e1f0168 advisory. This is a new version fixing a possible local privilege escalation. Tenable has extracted the preceding description block directly from the Fedora...
Fedora 39 : oath-toolkit (2024-dad1d2b46a)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-dad1d2b46a advisory. This is a new version fixing a possible local privilege escalation. Tenable has extracted the preceding description block directly from the Fedora...
Ubuntu: Security Advisory (USN-7059-2)
The remote host is missing an update for the...
USN-7059-2: OATH Toolkit vulnerability
USN-7059-1 fixed a vulnerability in OATH Toolkit library. This update provides the corresponding update for Ubuntu 24.10. Original advisory details: Fabian Vogt discovered that OATH Toolkit incorrectly handled file permissions. A remote attacker could possibly use this issue to overwrite root own...
Important: oath-toolkit
Issue Overview: oath-toolkit: Local root exploit in a PAM module (CVE-2024-47191). Affected Packages: oath-toolkit. Issue Correction: Run dnf update oath-toolkit --releasever 2023.6.20241010 or dnf update --advisory ALAS2023-2024-722 --releasever 2023.6.20241010 to update your system. More informatio...
Ubuntu: Security Advisory (USN-7059-1)
The remote host is missing an update for the...
USN-7059-1: OATH Toolkit vulnerability
Fabian Vogt discovered that OATH Toolkit incorrectly handled file permissions. A remote attacker could possibly use this issue to overwrite root owned files, leading to a privilege escalation attack. CVE-2024-47191...
CVE-2024-47191
pamoath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink...
liboath-devel-2.6.11.12-1.1 on GA media (moderate)
liboath-devel-2.6.11.12-1.1 on GA media. Announcement ID: openSUSE-SU-2024:14389-1. Rating: moderate. Cross-References: CVE-2024-47191. CVSS scores: CVE-2024-47191 (SUSE): 7.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N; CVE-2024-47191 (SUSE): 7.2...
Ubuntu 22.04 LTS / 24.04 LTS : OATH Toolkit vulnerability (USN-7059-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7059-1 advisory. Fabian Vogt discovered that OATH Toolkit incorrectly handled file permissions. A remote attacker could possibly use this issue to overwrite root owned...
CBL Mariner 2.0 Security Update: oath-toolkit (CVE-2024-47191)
The version of oath-toolkit installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-47191 advisory. - pamoath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because...
CVE-2024-47191 affecting package oath-toolkit for versions less than 2.6.7-3
CVE-2024-47191 affecting package oath-toolkit for versions less than 2.6.7-3. A patched version of the package is available...
CVE-2024-47191 affecting package oath-toolkit for versions less than 2.6.9-2
CVE-2024-47191 affecting package oath-toolkit for versions less than 2.6.9-2. A patched version of the package is available...
SUSE CVE-2024-47191
pamoath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink...