OATH Toolkit: Privilege Escalation — GLSA 202412-11

A vulnerability has been discovered in OATH Toolkit, which could lead to local root privilege escalation.

Affected packages

sys-auth/oath-toolkit on all architectures
Affected versions < 2.6.12
Unaffected versions >= 2.6.12

Background

OATH Toolkit provides components to build one-time password authentication systems. It contains shared C libraries, command line tools and a PAM module. Supported technologies include the event-based HOTP algorithm (RFC 4226), the time-based TOTP algorithm (RFC 6238), and Portable Symmetric Key Container (PSKC, RFC 6030) to manage secret key data. OATH stands for Open AuTHentication, which is the organization that specifies the algorithms.

Description

A vulnerability has been discovered in OATH Toolkit. Please review the CVE identifier referenced below for details.

Impact

Please review the referenced CVE identifier for details.

Workaround

There is no known workaround at this time.

Resolution

All OATH Toolkit users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-auth/oath-toolkit-2.6.12"
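
To confirm which hosts still need the upgrade above, the following added example (not part of the advisory or the OATH Toolkit project) classifies installed package strings against the 2.6.12 bound. It assumes input in the `category/name-version` form printed by `qlist -Iv` from app-portage/portage-utils and a `sort` that supports `-V`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check package strings against this GLSA's fixed version.
# Assumed input format: "sys-auth/oath-toolkit-2.6.11-r1" (as from `qlist -Iv`).

FIXED_VERSION="2.6.12"   # from the advisory: unaffected >= 2.6.12

# Extract the upstream version from "category/name-version[-rN]".
pkg_version() {
    v=${1#sys-auth/oath-toolkit-}
    # Drop a Gentoo revision suffix (-r1, -r2, ...); the GLSA bound has none.
    printf '%s\n' "$v" | sed 's/-r[0-9][0-9]*$//'
}

# Return 0 (affected) when the version sorts strictly below FIXED_VERSION.
# sort -V compares numerically per component, so 2.6.9 < 2.6.12.
is_affected() {
    v=$(pkg_version "$1")
    [ "$v" = "$FIXED_VERSION" ] && return 1
    lowest=$(printf '%s\n%s\n' "$v" "$FIXED_VERSION" | sort -V | head -n 1)
    [ "$lowest" = "$v" ]
}

# Read package strings on stdin; return 1 if any is affected.
audit() {
    rc=0
    while IFS= read -r pkg; do
        case $pkg in
            sys-auth/oath-toolkit-*) ;;
            *) continue ;;          # ignore unrelated packages
        esac
        if is_affected "$pkg"; then
            echo "AFFECTED $pkg"; rc=1
        else
            echo "ok       $pkg"
        fi
    done
    return $rc
}

# Constructed sample input (not from a real host).
# On a Gentoo host: qlist -Iv sys-auth/oath-toolkit | audit
printf '%s\n' sys-auth/oath-toolkit-2.6.9 sys-auth/oath-toolkit-2.6.11-r1 \
    sys-auth/oath-toolkit-2.6.12 | audit || true
```

A non-zero exit status from `audit` lets the check be used directly in a fleet-wide compliance job.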
 

References

Release date
December 07, 2024

Latest revision
December 07, 2024: 1

Severity
high

Exploitable
local

Bugzilla entries