High severity7.1NVD Advisory· Published Oct 9, 2024· Updated Apr 15, 2026
CVE-2024-47191
CVE-2024-47191
Description
pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink.
Patches
5c872088aca023235a52f6b873271139989fd60d9902b5c2095ef255e6a40Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
17- www.openwall.com/lists/oss-security/2024/10/04/2nvd
- www.openwall.com/lists/oss-security/2024/10/05/1nvd
- www.openwall.com/lists/oss-security/2024/10/08/1nvd
- www.openwall.com/lists/oss-security/2024/10/08/2nvd
- www.openwall.com/lists/oss-security/2024/10/08/4nvd
- www.openwall.com/lists/oss-security/2024/10/15/7nvd
- www.openwall.com/lists/oss-security/2024/10/17/1nvd
- www.openwall.com/lists/oss-security/2024/10/18/1nvd
- www.openwall.com/lists/oss-security/2024/10/18/2nvd
- gitlab.com/oath-toolkit/oath-toolkit/-/commit/3235a52f6b87cd1c5da6508f421ac261f5e33a70nvd
- gitlab.com/oath-toolkit/oath-toolkit/-/commit/3271139989fde35ab0163b558fc29e80c3a280e5nvd
- gitlab.com/oath-toolkit/oath-toolkit/-/commit/60d9902b5c20f27e70f8e9c816bfdc0467567e1anvd
- gitlab.com/oath-toolkit/oath-toolkit/-/commit/95ef255e6a401949ce3f67609bf8aac2029db418nvd
- gitlab.com/oath-toolkit/oath-toolkit/-/issues/43nvd
- security.opensuse.org/2024/10/04/oath-toolkit-vulnerability.htmlnvd
- www.nongnu.org/oath-toolkit/security/CVE-2024-47191nvd
- www.openwall.com/lists/oss-security/2024/10/04/2nvd
News mentions
0No linked articles in our index yet.