Bug 2316488 (CVE-2024-47191) - CVE-2024-47191 oath-toolkit: Local root exploit in a PAM module
Status: NEW
Alias: CVE-2024-47191
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Product Security DevOps Team
Depends On: 2316494 2316489 2316490 2316491 2316492 2316493 2348752
Reported: 2024-10-04 15:39 UTC by OSIDB Bzimport
Modified: 2025-06-26 12:16 UTC (History)

Links
Red Hat Product Errata RHSA-2025:9775 (last updated 2025-06-26 12:16:56 UTC)

Description OSIDB Bzimport 2024-10-04 15:39:13 UTC
oath-toolkit[1] contains libraries and utilities for managing one-time password (OTP) authentication, e.g., as a second factor to password authentication. A couple of years ago, the module gained a feature which allows placing the OTP state file (called usersfile) in the home directory of the to-be-authenticated user. Fabian noticed that the PAM module performs unsafe file operations in users' home directories. Since PAM stacks typically run as root, this can easily cause security issues.

The feature in question was introduced in oath-toolkit version 2.6.7 (via commit 60d9902b5c [2]). The following report is based on the most recent oath-toolkit release tag for version 2.6.11.

Comment 1 errata-xmlrpc 2025-06-26 12:16:55 UTC
This issue has been addressed in the following products:

  Red Hat Ceph Storage 8.1

Via RHSA-2025:9775 https://access.redhat.com/errata/RHSA-2025:9775