VYPR

rpm package

opensuse/oath-toolkit&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/oath-toolkit&distro=openSUSE%20Tumbleweed

Vulnerabilities (2)

  • CVE-2024-47191HigOct 9, 2024
    affected < 2.6.11.12-1.1fixed 2.6.11.12-1.1

    pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink.

  • CVE-2013-7322Mar 9, 2014
    affected < 2.6.7-1.3fixed 2.6.7-1.3

    usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly handle lines containing an invalid one-time-password (OTP) type and a user name in /etc/users.oath, which causes the wrong line to be updated when invalidating an OTP and allows context-dependent attackers to c