Man
Symbolic links provide access to critical system files.
Thanks to a newly discovered vulnerability in the OATH Toolkit, which received the identifier CVE-2024-47191, attackers can escalate their privileges to the superuser level. This vulnerability was found in the Pluggable Authentication Module (PAM), which is used to integrate OTP authentication into login systems.
The issue occurred due to insecure file handling in the user's home directory when using the "pam_oath.so" module in PAM. In particular, when configuring the "usersfile=${HOME}/user.oath" parameter, operations were performed with root privileges, but without proper security checks. This allowed attackers to create symbolic links to critical system files, such as "shadow", leading to the possibility of overwriting them and changing ownership.
The vulnerability was introduced in version 2.6.7 and affected all subsequent versions prior to 2.6.11. The bug was discovered by SUSE researcher Fabian Vogt, and after consulting with the OATH Toolkit developers, an updated version 2.6.12 was released, which fixes this problem.
The patch developed by the SUSE team focuses on fixing bugs in the file-locking mechanism and provides protection against symbolic link attacks. The changes also include secure file handling via system calls and improved race-condition protection.
However, SUSE's patch targets Linux and uses specific "/proc/self/fd" features, while a more versatile version for other platforms was released by the OATH Toolkit.
Vulnerabilities in authentication systems highlight the importance of regular security audits and timely software updates. Organizations should closely monitor patch releases, especially for critical components, and implement rapid response processes to new threats.
Source
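To illustrate the kind of check whose absence is described above, here is an added example (not part of the original post, and not the SUSE or OATH Toolkit patch) of a privileged process opening a file in a user-controlled directory without following a symbolic link, then validating it through the file descriptor. The function names `open_usersfile_checked` and `demo`, and the temporary paths, are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not OATH Toolkit code): open a per-user file for a
 * privileged caller acting for `owner`. Returns an fd, or -1 with errno set.
 * O_NOFOLLOW only guards the final path component. */
int open_usersfile_checked(const char *path, uid_t owner)
{
    struct stat st;
    /* Fails with ELOOP if the final component is a symbolic link. */
    int fd = open(path, O_RDWR | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* Validate the object actually opened, via the fd, not the path. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != owner) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd; /* later changes go through the fd: fchown(), fchmod() */
}

/* Constructed demo in a fresh temp dir: returns 0 when the regular file is
 * accepted and a symlink pointing at it is refused with ELOOP. */
int demo(void)
{
    char dir[] = "/tmp/oath-demo-XXXXXX", file[64], lnk[64];
    if (!mkdtemp(dir))
        return -1;
    snprintf(file, sizeof file, "%s/user.oath", dir);
    snprintf(lnk, sizeof lnk, "%s/link.oath", dir);
    int fd = open(file, O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (fd < 0 || close(fd) != 0 || symlink(file, lnk) != 0)
        return -1;
    int ok = open_usersfile_checked(file, geteuid());
    int bad = open_usersfile_checked(lnk, geteuid());
    int link_errno = errno;
    if (ok >= 0) close(ok);
    if (bad >= 0) close(bad);
    unlink(lnk); unlink(file); rmdir(dir);
    return (ok >= 0 && bad < 0 && link_errno == ELOOP) ? 0 : 1;
}

int main(void) { return demo(); }
```

Because the check covers only the last path component, a privileged caller working inside a user-writable directory tree also has to guard the intermediate components or do the file work with the user's own privileges.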