VDB

DEBIAN-CVE-2024-47191

DEBIAN-CVE-2024-47191 PUBLISHED CVSS 7.099999904632568 HIGH

pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink.

Risk Scores

CVSS 3.1
7.099999904632568
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected Products

VendorProductVersions
Debian:14oath-toolkit0, 0
Debian:12oath-toolkit0, 2.6.7-3.1, 0
Debian:13oath-toolkit0, 0

Timeline

  • Oct 9, 2024 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›