Ubuntu Security Notice USN-7059-1

Ubuntu Security Notice 7059-1 - Fabian Vogt discovered that OATH Toolkit incorrectly handled file permissions. A remote attacker could possibly use this issue to overwrite root owned files, leading to a privilege escalation attack.

Packet Storm

==========================================================================

Ubuntu Security Notice USN-7059-1
October 09, 2024

oath-toolkit vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 24.04 LTS
  • Ubuntu 22.04 LTS

Summary:

oath-toolkit could be made to overwrite files as the administrator.

Software Description:

  • oath-toolkit: Development files for the OATH Toolkit Liboath library

Details:

Fabian Vogt discovered that OATH Toolkit incorrectly handled file
permissions. A remote attacker could possibly use this issue to
overwrite root owned files, leading to a privilege escalation attack.
(CVE-2024-47191)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
liboath-dev 2.6.11-2.1ubuntu0.1

Ubuntu 22.04 LTS
liboath-dev 2.6.7-3ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7059-1
CVE-2024-47191

Package Information:
https://launchpad.net/ubuntu/+source/oath-toolkit/2.6.11-2.1ubuntu0.1
https://launchpad.net/ubuntu/+source/oath-toolkit/2.6.7-3ubuntu0.1

Related news

Ubuntu Security Notice USN-7059-2

Ubuntu Security Notice 7059-2 - USN-7059-1 fixed a vulnerability in OATH Toolkit library. This update provides the corresponding update for Ubuntu 24.10. Fabian Vogt discovered that OATH Toolkit incorrectly handled file permissions. A remote attacker could possibly use this issue to overwrite root owned files, leading to a privilege escalation attack.

Debian Security Advisory 5784-1

Debian Linux Security Advisory 5784-1 - Fabian Vogt reported that the PAM module in oath-toolkit, a collection of components to build one-time password authentication systems, does not safely perform file operations in users' home directories when using the usersfile feature (allowing to place the OTP state in the home directory of the to-be-authenticated user). A local user can take advantage of this flaw for root privilege escalation.
