10 matches found
CVE-2026-48983
pamusb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, a symlink race condition exists in per-device and per-user pad directory creation. pamusb uses a check-then-act pattern: it calls lstat to test for existence and then calls mkdir separate...
CVE-2026-48983
CVE-2026-48983 affects pam_usb prior to version 0.9.2, where a TOCTOU race in per-device and per-user pad directory creation can be exploited via a symlink substitution. pam_usb performs a check-then-act using lstat() followed by mkdir(), allowing a local attacker to replace the target path with ...
CVE-2026-48983 pam_usb: TOCTOU race condition in pad directory creation allows symlink substitution
pamusb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, a symlink race condition exists in per-device and per-user pad directory creation. pamusb uses a check-then-act pattern: it calls lstat to test for existence and then calls mkdir separate...
PT-2026-50784
Name of the Vulnerable Software and Affected Versions pam usb versions prior to 0.9.2 Description A symlink race condition exists in the creation of per-device and per-user pad directories. The software employs a check-then-act pattern, where it calls lstat to verify existence and subsequently...
EUVD-2026-32659
pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7...
CVE-2026-44711
pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7...
CVE-2026-44711 pam_usb: Symlink attacks on pad directory and pad files enable authentication bypass and root file corruption
pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7...
CVE-2026-44711
The CVE concerns the pam_usb project for Linux. Affected: pam_usb versions prior to 0.8.7. Root cause: symlink attacks on the pad directory and pad files. Impact: authentication bypass and potential root file corruption. The issue is fixed in version 0.8.7. There is no explicit exploitation statu...
CVE-2026-44711 pam_usb: Symlink attacks on pad directory and pad files enable authentication bypass and root file corruption
pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7...
pam_usb 授权问题漏洞
pamusb is a Linux hardware authentication tool developed by McDope’s individual developer, based on USB devices. Versions of pamusb prior to 0.8.7 have a vulnerability related to authorization issues. This vulnerability stems from symbolic link attacks involving the pad directory and pad files,...