CVE-2024-47191
HIGH7.1EPSS 0.08%oath-toolkit - security update
發布日:2024/10/9修改日:2026/3/9
描述
pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink.
受影響套件(2)
- Debian/oath-toolkitfrom 0, < 2.6.7-3.1+deb12u1
- Debian/oath-toolkitfrom 0, < 2.6.7-3.1+deb12u1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.1 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |