rpm package
opensuse/oath-toolkit&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/oath-toolkit&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-47191 | Hig | 7.1 | < 2.6.11.12-1.1 | 2.6.11.12-1.1 | Oct 9, 2024 | pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink. | |
| CVE-2013-7322 | — | < 2.6.7-1.3 | 2.6.7-1.3 | Mar 9, 2014 | usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly handle lines containing an invalid one-time-password (OTP) type and a user name in /etc/users.oath, which causes the wrong line to be updated when invalidating an OTP and allows context-dependent attackers to c |
- affected < 2.6.11.12-1.1fixed 2.6.11.12-1.1
pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink.
- CVE-2013-7322Mar 9, 2014affected < 2.6.7-1.3fixed 2.6.7-1.3
usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly handle lines containing an invalid one-time-password (OTP) type and a user name in /etc/users.oath, which causes the wrong line to be updated when invalidating an OTP and allows context-dependent attackers to c