OATH Toolkit: Privilege Escalation

OATH Toolkit: Privilege Escalation A vulnerability has been discovered in OATH Toolkit, which could lead to local root privilege escalation. oath-toolkit 2024-12-07 2024-12-07 940778 local 2.6.12 2.6.12

OATH Toolkit provide components to build one-time password authentication systems. It contains shared C libraries, command line tools and a PAM module. Supported technologies include the event-based HOTP algorithm (RFC 4226), the time-based TOTP algorithm (RFC 6238), and Portable Symmetric Key Container (PSKC, RFC 6030) to manage secret key data. OATH stands for Open AuTHentication, which is the organization that specify the algorithms.

A vulnerability has been discovered in OATH Toolkit. Please review the CVE identifier referenced below for details.

Please review the referenced CVE identifier for details.

There is no known workaround at this time.

All OATH Toolkit users should upgrade to the latest version:


          # emerge --sync
          # emerge --ask --oneshot --verbose ">=sys-auth/oath-toolkit-2.6.12"

CVE-2024-47191 graaff graaff