pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because in the context of PAM code running as root it mishandles usersfile access such as by calling fchown in the presence of a symlink.

...

CVE-2024-47191

pamoath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink...

CVE-2024-47191

pamoath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink...

Mandriva Linux Security Advisory : oath-toolkit (MDVSA-2014:061)

Updated oath-toolkit packages fix security vulnerability : It was found that comments lines starting with a hash in /etc/users.oath could prevent one-time-passwords OTP from being invalidated, leaving the OTP vulnerable to replay attacks CVE-2013-7322. %NASLMINLEVEL 70300 C Tenable Network...