CVE-2024-47191

Source
https://cve.org/CVERecord?id=CVE-2024-47191
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47191.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-47191
Published
2024-10-09T05:15:13.420Z
Modified
2026-04-10T05:18:08.970850Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
[none]
Details

pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink.

References

Affected packages

Git / gitlab.com/oath-toolkit/oath-toolkit

Affected ranges

Type
GIT
Repo
https://gitlab.com/oath-toolkit/oath-toolkit
Events
Database specific
{
    "versions": [
        {
            "introduced": "2.6.7"
        },
        {
            "last_affected": "2.6.11"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "2.6.12"
        }
    ]
}

Affected versions

Other
hotp-toolkit-1-0-1
oath-toolkit-1-10-0
oath-toolkit-1-10-1
oath-toolkit-1-10-2
oath-toolkit-1-10-3
oath-toolkit-1-10-4
oath-toolkit-1-10-5
oath-toolkit-1-12-0
oath-toolkit-1-12-1
oath-toolkit-1-12-2
oath-toolkit-1-12-3
oath-toolkit-1-12-4
oath-toolkit-1-12-5
oath-toolkit-1-12-6
oath-toolkit-1-2-0
oath-toolkit-1-2-1
oath-toolkit-1-2-2
oath-toolkit-1-4-0
oath-toolkit-1-4-1
oath-toolkit-1-4-2
oath-toolkit-1-4-3
oath-toolkit-1-4-4
oath-toolkit-1-4-5
oath-toolkit-1-4-6
oath-toolkit-1-6-0
oath-toolkit-1-6-1
oath-toolkit-1-6-2
oath-toolkit-1-6-3
oath-toolkit-1-6-4
oath-toolkit-1-8-0
oath-toolkit-1-8-1
oath-toolkit-1-8-2
oath-toolkit-2-0-0
oath-toolkit-2-0-1
oath-toolkit-2-0-2
oath-toolkit-2-2-0
oath-toolkit-2-4-0
oath-toolkit-2-6-0
oath-toolkit-2-6-1
oath-toolkit-2-6-2
oath-toolkit-2-6-3
oath-toolkit-2-6-4
oath-toolkit-2-6-5
oath-toolkit-2-6-6
oath-toolkit-2-6-7
oathtool-1-4-4
oathtool-1-4-5
oath-toolkit-1.*
oath-toolkit-1.10.2
oath-toolkit-1.10.3
oath-toolkit-2.*
oath-toolkit-2.6.10
oath-toolkit-2.6.11
oath-toolkit-2.6.7
oath-toolkit-2.6.8
oath-toolkit-2.6.9
v2.*
v2.6.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47191.json"