K000151330: Oath Toolkit vulnerability CVE-2024-47191

Security Advisory Description pamoath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink. CVE-2024-47191 Impact There is ...

Azure Linux 3.0 Security Update: oath-toolkit (CVE-2024-47191)

The version of oath-toolkit installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-47191 advisory. - pamoath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because...

Updated oath-toolkit packages fix security vulnerability

pamoath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink. CVE-2024-47191...

CVE-2024-47191

CVE-2024-47191 affects oath-toolkit’s PAM module pam_oath.so, with vulnerable versions 2.6.7–2.6.11 (pre-2.6.12). The flaw arises during PAM code execution as root, where the user-credentials file handling can mishandle access to users’ files (e.g., fchown called while a symlink is present), enab...

Multiple PAM vulnerabilities in portable OpenSSH

Subject: Portable OpenSSH Security Advisory: sshpam.adv This document can be found at: http://www.openssh.com/txt/sshpam.adv 1. Versions affected: Portable OpenSSH versions 3.7p1 and 3.7.1p1 contain multiple vulnerabilities in the new PAM code. At least one of these bugs is remotely exploitable...