Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Ubuntu 24.04, 22.04 LTS USN-7059-1 critical: OATH Toolkit file overwrite

Calendar Oct 09, 2024 User Avatar LinuxSecurity Advisories
1 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory security issue privilege escalation remote attack Ubuntu file permission oath-toolkit
oath-toolkit could be made overwrite files as the administrator. 
==========================================================================

Ubuntu Security Notice USN-7059-1
October 09, 2024

oath-toolkit vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

oath-toolkit could be made overwrite files as the administrator.

Software Description:
- oath-toolkit: Development files for the OATH Toolkit Liboath library

Details:

Fabian Vogt discovered that OATH Toolkit incorrectly handled file
permissions. A remote attacker could possibly use this issue to
overwrite root owned files, leading to a privilege escalation attack.
(CVE-2024-47191)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   liboath-dev                     2.6.11-2.1ubuntu0.1

Ubuntu 22.04 LTS
   liboath-dev                     2.6.7-3ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7059-1 

   CVE-2024-47191

Package Information:
https://launchpad.net/ubuntu/+source/oath-toolkit/2.6.11-2.1ubuntu0.1 

https://launchpad.net/ubuntu/+source/oath-toolkit/2.6.7-3ubuntu0.1

Ubuntu 24.04, 22.04 LTS USN-7059-1 critical: OATH Toolkit file overwrite

ubuntu
Calendar Grey October 9, 2024
Dist Ubuntu Esm H88
OATH Toolkit potentially enables unapproved file alteration, jeopardizing administrative control. Upgrade now to safeguard your infrastructure thoroughly.
oath-toolkit could be made overwrite files as the administrator.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: oath-toolkit could be made overwrite files as the administrator. Software Description: - oath-toolkit: Development files for the OATH Toolkit Liboath library Details: Fabian Vogt discovered that OATH Toolkit incorrectly handled file permissions. A remote attacker could possibly use this issue to overwrite root owned files, leading to a privilege escalation attack. (CVE-2024-47191)

Topics%20covered

Topics Covered

security advisory security issue privilege escalation remote attack Ubuntu file permission oath-toolkit

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS   liboath-dev                     2.6.11-2.1ubuntu0.1 Ubuntu 22.04 LTS   liboath-dev                     2.6.7-3ubuntu0.1 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7059-1

  CVE-2024-47191

Severity
critical
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory security issue privilege escalation remote attack Ubuntu file permission oath-toolkit

Package Information

https://launchpad.net/ubuntu/+source/oath-toolkit/2.6.11-2.1ubuntu0.1 https://launchpad.net/ubuntu/+source/oath-toolkit/2.6.7-3ubuntu0.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here