A vulnerability has been discovered in OATH Toolkit, which could lead to local root privilege escalation.
Package | sys-auth/oath-toolkit on all architectures |
---|---|
Affected versions | < 2.6.12 |
Unaffected versions | >= 2.6.12 |
OATH Toolkit provide components to build one-time password authentication systems. It contains shared C libraries, command line tools and a PAM module. Supported technologies include the event-based HOTP algorithm (RFC 4226), the time-based TOTP algorithm (RFC 6238), and Portable Symmetric Key Container (PSKC, RFC 6030) to manage secret key data. OATH stands for Open AuTHentication, which is the organization that specify the algorithms.
A vulnerability has been discovered in OATH Toolkit. Please review the CVE identifier referenced below for details.
Please review the referenced CVE identifier for details.
There is no known workaround at this time.
All OATH Toolkit users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-auth/oath-toolkit-2.6.12"
Release date
December 07, 2024
Latest revision
December 07, 2024: 1
Severity
high
Exploitable
local
Bugzilla entries