
Mageia 9 - MGASA-2024-0335: Critical oath-toolkit Privilege Escalation

October 25, 2024
The latest oath-toolkit updates resolve a critical vulnerability that could lead to unauthorized privilege escalation. For detailed information, check out the Mageia advisory.

Summary

pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink. (CVE-2024-47191)
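
A defensive check for the condition described above, as an added example that is not part of the Mageia advisory or of oath-toolkit: it extracts the usersfile= path from pam_oath.so lines and flags a symlinked usersfile or a parent directory that non-root users can write to. The PAM lines are constructed sample input, and the function names and the trusted_uid parameter are assumptions of this example; installing the updated package remains the fix.

```python
import os
import stat

# Constructed sample PAM configuration (not taken from the advisory).
SAMPLE_PAM = """\
# auth sufficient pam_oath.so usersfile=/tmp/old.oath
auth requisite pam_oath.so usersfile=/etc/users.oath window=30 digits=6
"""

def oath_usersfiles(pam_text):
    """Return usersfile= values from active (uncommented) pam_oath.so lines."""
    paths = []
    for raw in pam_text.splitlines():
        line = raw.split("#", 1)[0]  # drop PAM comments
        if "pam_oath.so" in line:
            paths += [t[len("usersfile="):] for t in line.split()
                      if t.startswith("usersfile=")]
    return paths

def audit_usersfile(path, trusted_uid=0):
    """Return findings for one usersfile; an empty list means none.

    Only the file and its immediate parent directory are inspected.
    """
    findings = []
    parent = os.path.dirname(os.path.abspath(path))
    pst = os.lstat(parent)
    # Whoever can write to the directory can swap the file for a symlink.
    if pst.st_uid != trusted_uid:
        findings.append("parent directory not owned by trusted uid")
    if pst.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("parent directory is group/other-writable")
    try:
        st = os.lstat(path)  # lstat inspects the link itself, not its target
    except FileNotFoundError:
        return findings + ["usersfile missing"]
    if stat.S_ISLNK(st.st_mode):
        findings.append("usersfile is a symlink")
    elif not stat.S_ISREG(st.st_mode):
        findings.append("usersfile is not a regular file")
    if st.st_uid != trusted_uid:
        findings.append("usersfile not owned by trusted uid")
    return findings

if __name__ == "__main__":
    for p in oath_usersfiles(SAMPLE_PAM):
        print(p, audit_usersfile(p) or "no findings")
```

On a real host, feed the function the contents of the files under /etc/pam.d instead of SAMPLE_PAM and leave trusted_uid at 0.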

References

- https://bugs.mageia.org/show_bug.cgi?id=33619

- https://lists.archlinux.org/archives/list/arch-security@lists.archlinux.org/message/IDKMOOVTHHDXCEEZ2S4VVYLM3N5QBPJA/

- https://www.cve.org/CVERecord?id=CVE-2024-47191

Resolution

SRPMS

- 9/core/oath-toolkit-2.6.7-1.1.mga9

Severity: critical

Publication date: 25 Oct 2024
URL: https://advisories.mageia.org/MGASA-2024-0335.html
Type: security
CVE: CVE-2024-47191
