A recently discovered vulnerability in OATH Toolkit, tracked as CVE-2024-47191, allows attackers to escalate their privileges to superuser level. The vulnerability is in the toolkit's Pluggable Authentication Modules (PAM) module, which integrates one-time password (OTP) authentication into login systems.
The vulnerability stems from unsafe file handling in the user's home directory when the “pam_oath.so” PAM module is used. Specifically, the issue arises when the module is configured with the “usersfile=${HOME}/user.oath” parameter: operations on that file were carried out with root privileges and without proper safety checks. This oversight let attackers create symbolic links to critical system files, such as “shadow,” so that those files could be overwritten and have their ownership changed.
The vulnerability was introduced in version 2.6.7 and persisted through subsequent versions up to 2.6.11. SUSE researcher Fabian Vogt identified the flaw, prompting collaboration with the OATH Toolkit developers, who released version 2.6.12 to address the issue.
The patch developed by the SUSE team corrects errors in the file locking mechanisms and prevents attacks that use symbolic links. The enhancements also include safe file handling through system calls and improved protection against race conditions.
While the SUSE patch is tailored for Linux and relies on Linux-specific features such as “/proc/self/fd,” OATH Toolkit has released a more portable version of the fix for other platforms, ensuring broader coverage for users.
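The bug class described above, as an added example in C (not code from OATH Toolkit or the SUSE patch): a by-name open that follows a symlink in a user-controlled directory, beside a descriptor-based open that refuses it. The function names, the ownership and link-count checks, and the scratch directory are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Bug-class pattern: a privileged process opens a name inside a directory the
 * user controls, so a symlink placed there is followed to its target. */
int open_naive(const char *path)
{
    return open(path, O_RDWR | O_CLOEXEC);
}

/* Hardened variant (hypothetical helper): pin the directory with a descriptor,
 * open the last component with O_NOFOLLOW, then validate the object that was
 * actually opened via fstat() on the descriptor, never via the path again. */
int open_checked(const char *dir, const char *name, uid_t owner)
{
    struct stat st;
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dfd < 0)
        return -1;
    int fd = openat(dfd, name, O_RDWR | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    int saved = errno;                  /* keep openat()'s error across close() */
    close(dfd);
    if (fd < 0) {
        errno = saved;
        return -1;
    }
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != owner || st.st_nlink != 1) {   /* regular, owned, no hard links */
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

int main(void)
{
    char dir[] = "/tmp/oathdemoXXXXXX";     /* constructed scratch directory */
    if (!mkdtemp(dir) || chdir(dir) != 0 || symlink("/dev/null", "user.oath") != 0)
        return 1;
    printf("naive opened: %d, checked opened: %d\n",
           open_naive("user.oath") >= 0, open_checked(".", "user.oath", geteuid()) >= 0);
    return 0;
}
```

O_NOFOLLOW only applies to the final path component, so symlinks in earlier components of the directory path are still resolved; privileged code has to account for those separately.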
This incident underscores the importance of regular security audits and timely software updates for authentication systems. Organizations are advised to diligently monitor patch releases, particularly for critical components, and establish rapid response protocols to address new threats effectively.