pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 (that is, before 2.6.12) allows root privilege escalation: in the context of PAM code running as root, it mishandles access to the usersfile, for example by calling fchown in the presence of a symlink.
[
{
"deprecated": false,
"id": "CVE-2024-47191-63b8a56b",
"source": "https://gitlab.com/oath-toolkit/oath-toolkit@60d9902b5c20f27e70f8e9c816bfdc0467567e1a",
"digest": {
"function_hash": "150163475415627145780831233372622081079",
"length": 1912.0
},
"target": {
"function": "update_usersfile",
"file": "liboath/usersfile.c"
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"id": "CVE-2024-47191-67835816",
"source": "https://gitlab.com/oath-toolkit/oath-toolkit@95ef255e6a401949ce3f67609bf8aac2029db418",
"digest": {
"threshold": 0.9,
"line_hashes": [
"118303722128484534829763655044826199820",
"113750396407888520200423265814822843096",
"192205521156161072664369892599665425308",
"250587939673544900646532702394152180191",
"16577444785971714563791375677823370921",
"14607612104540372378154204410139244190",
"182066091048244177114587074548855596849",
"215404374122972526497467638636625735028",
"297982287930905698416979719555818143936",
"55284296392144119260195831427288783119",
"69099690595760508301862446981101351650",
"120817687958967094032479205627599015397",
"157374329403211883771087623990274716291",
"106095357129078415660026138811944413419",
"182385000968901722014047492822758553885",
"55365634476822112744265164094031217162",
"83209383107059770558321396557224001631",
"71734868786451371787144613188729725753",
"170203616653424055582777181962693383272",
"336087361047998539120287855152552999944",
"304382038967823919213150713134830339054",
"134540842428974960574249611175478893586",
"208635461179115996531600225667077032956",
"45369572654149848717780697485153569191",
"64661714366360538115522756694361327754",
"112055871870454573271165258004789918135",
"114970903677750122327091532121085730577",
"217057907718299189835151395394812066023",
"329102226999494724772557386499992281608",
"93115686196465329066855251917055504782",
"58529633996365227363196355905749948795",
"309170455227378883642288716027478250019",
"122068963921327377320249754870938883441",
"305402383358340015338011626571272897104",
"162375840121274077553642104579431210123",
"268610487008851323934819936869887638569"
]
},
"target": {
"file": "pam_oath/pam_oath.c"
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"id": "CVE-2024-47191-6a021342",
"source": "https://gitlab.com/oath-toolkit/oath-toolkit@3235a52f6b87cd1c5da6508f421ac261f5e33a70",
"digest": {
"function_hash": "149950136308806768208460689370762907726",
"length": 2149.0
},
"target": {
"function": "update_usersfile",
"file": "liboath/usersfile.c"
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"id": "CVE-2024-47191-6ec55e22",
"source": "https://gitlab.com/oath-toolkit/oath-toolkit@95ef255e6a401949ce3f67609bf8aac2029db418",
"digest": {
"function_hash": "335507966447049814185238926324250774943",
"length": 1710.0
},
"target": {
"function": "parse_usersfile_str",
"file": "pam_oath/pam_oath.c"
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"id": "CVE-2024-47191-8a4e0645",
"source": "https://gitlab.com/oath-toolkit/oath-toolkit@60d9902b5c20f27e70f8e9c816bfdc0467567e1a",
"digest": {
"function_hash": "307168639617190581096523711610506587392",
"length": 4319.0
},
"target": {
"function": "pam_sm_authenticate",
"file": "pam_oath/pam_oath.c"
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"id": "CVE-2024-47191-9ee4c0de",
"source": "https://gitlab.com/oath-toolkit/oath-toolkit@60d9902b5c20f27e70f8e9c816bfdc0467567e1a",
"digest": {
"threshold": 0.9,
"line_hashes": [
"63328830592474572626055283471493925677",
"128565006097052610939674930019415914912",
"196172903755106685320134478317343470076",
"51441189612312789236976496272157765986",
"130393951029159609173724525062108234858",
"224558060176194671403219288017329625950",
"150797272909165056874863075384496169614",
"322517342042764005251190109204663070232",
"67141607314984082648854631073684454486",
"75349079322159447547565025986032660088",
"160024789589820681024821762352021861195",
"49306201606412841008452130857080961450",
"107249290766096651937046023547870843075",
"71734868786451371787144613188729725753",
"170203616653424055582777181962693383272",
"336087361047998539120287855152552999944",
"304382038967823919213150713134830339054",
"62567755991714902376991352630842265692",
"267386137158390644613873664252477126902",
"54462751201651164265586516683338044070",
"161965603491518507529725632821649316272",
"316707026420753494558299754666425876578",
"339620478595089829505124405596602929293",
"96516713770514766103112196321856240827",
"59202156479327657537142101065511719631",
"12351231411124172754472608500712838223",
"89233773585319918384198120804288295847",
"158792302467923776979869944101737715783",
"242496389982337509652968937893028416656",
"222722482670436005982475371626857359109"
]
},
"target": {
"file": "pam_oath/pam_oath.c"
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"id": "CVE-2024-47191-a51ceb21",
"source": "https://gitlab.com/oath-toolkit/oath-toolkit@60d9902b5c20f27e70f8e9c816bfdc0467567e1a",
"digest": {
"threshold": 0.9,
"line_hashes": [
"106534135272604188622357268363575940732",
"327229284202733781202999752246632506585",
"305101118003551714491456952308062745896",
"143587239600720098869710924552878890136"
]
},
"target": {
"file": "liboath/errors.c"
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"id": "CVE-2024-47191-b78bc9ac",
"source": "https://gitlab.com/oath-toolkit/oath-toolkit@95ef255e6a401949ce3f67609bf8aac2029db418",
"digest": {
"function_hash": "294403998499269779426444564686397087202",
"length": 4542.0
},
"target": {
"function": "pam_sm_authenticate",
"file": "pam_oath/pam_oath.c"
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"id": "CVE-2024-47191-bb3e1ce2",
"source": "https://gitlab.com/oath-toolkit/oath-toolkit@3235a52f6b87cd1c5da6508f421ac261f5e33a70",
"digest": {
"threshold": 0.9,
"line_hashes": [
"322965276451756618292148122576935655099",
"85266937329261592520212124652104629584",
"83532349512340445367348917840690795910",
"68313856654078377990138734391823441398",
"328636351465844461494438230384155253952",
"307157957787089165024918271740728984199",
"45133534365406459624297946571179761858",
"252931485689532395321207047365435769336",
"172588051765744943962811035129757075597",
"29940063419156769373422268911285721917",
"26546083752878793403448824990421691421",
"158718382682830108003418315942791485728",
"74710955409693849829109896333886392822",
"67692343683348793288236057074106151110",
"8622398509724841161030410023430914496",
"264954842459983384211956171702327906167",
"113600596426960679420486221450650205456",
"84533248811516032045049487580607224602",
"217486193975422854174784694670079311774",
"133221540393983844828487014428315755345"
]
},
"target": {
"file": "liboath/usersfile.c"
},
"signature_type": "Line",
"signature_version": "v1"
}
]