{}

{}

{}

{"bugzilla": {"description": "oath-toolkit: Local root exploit in a PAM module", "id": "2316488", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316488"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "status": "draft"}, "cwe": "CWE-22", "details": ["A vulnerability was found in a PAM module, the oath-toolkit. The module gained a feature that allowed placing the OTP state file, called the usersfile, in the home directory of the to-be-authenticated user. The PAM module performed unsafe file operations in the users' home directories. Since PAM stacks typically run as root, this flaw allows a malicious user to jeopardize an environment."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-47191", "package_state": [{"cpe": "cpe:/a:redhat:ceph_storage:4", "fix_state": "Out of support scope", "package_name": "oath-toolkit", "product_name": "Red Hat Ceph Storage 4"}, {"cpe": "cpe:/a:redhat:ceph_storage:5", "fix_state": "Affected", "package_name": "oath-toolkit", "product_name": "Red Hat Ceph Storage 5"}, {"cpe": "cpe:/a:redhat:ceph_storage:6", "fix_state": "Affected", "package_name": "oath-toolkit", "product_name": "Red Hat Ceph Storage 6"}, {"cpe": "cpe:/a:redhat:ceph_storage:7", "fix_state": "Affected", "package_name": "oath-toolkit", "product_name": "Red Hat Ceph Storage 7"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Affected", "package_name": "oath-toolkit", "product_name": "Red Hat Openshift Container Storage 4"}], "public_date": "2024-10-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-47191\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-47191"], "statement": "This vulnerability is rated Important rather than Moderate due to its potential for full privilege escalation without requiring complex attack vectors. The flaw in the `pam_oath.so` module allows unprivileged users to manipulate file operations within their home directories to exploit symlink attacks, enabling them to overwrite critical system files, such as `/etc/shadow`, with root-level privileges. Since PAM stacks typically run as root, this exploitation does not involve race conditions or reliance on environmental factors, making the attack straightforward and highly impactful.", "threat_severity": "Important"}