CVE-2019-12209 — Link Following in Pam-u2f

CWE-59 — Link Following7 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.6%

top 29.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Yubico Pam-u2f Debian Pam-u2f

Timeline

PublishedJun 4

Latest updateMay 24

Description

Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is enabled in the PAM configuration, part of the file contents of a symlink target will be logged, possibly revealing sensitive information.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶Debianyubico/pam-u2f< 1.0.8-1+3

▶NVDyubico/pam-u2f1.0.7

▶debiandebian/pam-u2f< pam-u2f 1.0.8-1 (bookworm)

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-cf2r-5chq-jmm8: Yubico pam-u2f 1↗2022-05-24

▶

OSV

CVE-2019-12209: Yubico pam-u2f 1↗2019-06-04

▶

📋Vendor Advisories

Debian

CVE-2019-12209: pam-u2f - Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/...↗2019

▶

💬Community

Bugzilla

CVE-2019-12209 pam-u2f: insecure debug file handling leads to information disclosure [fedora-all]↗2019-08-02

▶

Bugzilla

CVE-2019-12209 pam-u2f: insecure debug file handling leads to information disclosure↗2019-08-02

▶

Bugzilla

Debug file descriptor leak CVE-2019-1221 and insecure debug file handling CVE-2019-12209↗2019-06-05

▶