Security
Headlines
HeadlinesLatestCVEs

Headline

Debian Security Advisory 5784-1

Debian Linux Security Advisory 5784-1 - Fabian Vogt reported that the PAM module in oath-toolkit, a collection of components to build one-time password authentication systems, does not safely perform file operations in users’s home directories when using the usersfile feature (allowing to place the OTP state in the home directory of the to-be-authenticated user). A local user can take advantage of this flaw for root privilege escalation.

Packet Storm
#linux#debian#js#auth#sap
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5784-1                   [email protected]://www.debian.org/security/                     Salvatore BonaccorsoOctober 04, 2024                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : oath-toolkitCVE ID         : CVE-2024-47191Fabian Vogt reported that the PAM module in oath-toolkit, a collectionof components to build one-time password authentication systems, doesnot safely perform file operations in users's home directories whenusing the usersfile feature (allowing to place the OTP state in the homedirectory of the to-be-authenticated user). A local user can takeadvantage of this flaw for root privilege escalation.For the stable distribution (bookworm), this problem has been fixed inversion 2.6.7-3.1+deb12u1.We recommend that you upgrade your oath-toolkit packages.For the detailed security status of oath-toolkit please refer to itssecurity tracker page at:https://security-tracker.debian.org/tracker/oath-toolkitFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: [email protected] PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmcAPvdfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0Th1A/9HWbGPaDbzOAbloBMyigtmxsGRlRI/yw/7zP1Ay37cgYd79nQyXrrjNAgrBqBVDJEm/X6xSApPLiJ3RuRPvExx4cW0n5HgSV86XwXckeid/JiBIC0CvH8C/482JgsYP8oxf1c6q5HU66uZApD93YjxcA59voxqmHDgzGm5DazakShQhKb7KOqvATx75CbDhUp5H1xskGTWiyZJuAljqstFm3DD/JCYWm7XEFkinF/l832S8CKrehchM+ZpcwGlxf4vZxyll+AHZMPomgmts7kf1AJi95mgzgxCsnT5tm1yl9M0kEZIArKm8BXw8gA6ZM7+Y+hbiDiHQGpWCxdBAvIwZ1nH6lAhU5aERgXoehUS6wzuZlVZ010er9ff/mPsyeQm35+TeRhIFlk7zk1b79ct0h+hOeaiqczXox9wFuZAZcuJuZnHXcV5TiJ8tGH9fXM25GmvTbWJ2YRHmo6k2+vR0XyksRcjQFLAhw21b265aSPkPDCVJZgs5pLpdmpM84N6Y0yZTrNR8mvCnSOiSMDcDf2nqn4jxPKkKpRp8JNtYlJSPOFGuKzSNKXzMdMnZ4EkXpDpCiP8unz7xWzCf19FhtHHJo2Zn2wKmOTWeLSQ3oCjGsdpn/MWb+t5P9A0fJ8v8vPXyKfyy/5owAlvkWmvyihNlxezEStNxdYx/sKn/U==iccV-----END PGP SIGNATURE-----

Related news

Ubuntu Security Notice USN-7059-2

Ubuntu Security Notice 7059-2 - USN-7059-1 fixed a vulnerability in OATH Toolkit library. This update provides the corresponding update for Ubuntu 24.10. Fabian Vogt discovered that OATH Toolkit incorrectly handled file permissions. A remote attacker could possibly use this issue to overwrite root owned files, leading to a privilege escalation attack.

Ubuntu Security Notice USN-7059-1

Ubuntu Security Notice 7059-1 - Fabian Vogt discovered that OATH Toolkit incorrectly handled file permissions. A remote attacker could possibly use this issue to overwrite root owned files, leading to a privilege escalation attack.

Packet Storm: Latest News

Ivanti EPM Agent Portal Command Execution