Lucene search
GoogleOSV:CVE-2019-12210HistoryJun 04, 2019 - 9:29 p.m.
CVE-2019-12210
2019-06-0421:29:00
Google
osv.dev
12
In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. This leads to the file descriptor being inherited into the child process; the child process can then read from and write to it. This can leak sensitive information and also, if written to, be used to fill the disk or plant misinformation.
References
lists.opensuse.org/opensuse-security-announce/2019-07/msg00012.html
lists.opensuse.org/opensuse-security-announce/2019-07/msg00018.html
www.openwall.com/lists/oss-security/2019/06/05/1
developers.yubico.com/pam-u2f/Release_Notes.html
github.com/Yubico/pam-u2f/commit/18b1914e32b74ff52000f10e97067e841e5fff62
Related
cve
cve
CVE-2019-12210
2019-06-04 21:29:00
prion
prion
Design/Logic Flaw
2019-06-04 21:29:00
ubuntucve
ubuntucve
CVE-2019-12210
2019-06-04 00:00:00
debiancve
debiancve
CVE-2019-12210
2019-06-04 21:29:00
cvelist
cvelist
CVE-2019-12210
2019-06-04 20:28:51
nvd
nvd
CVE-2019-12210
2019-06-04 21:29:00
archlinux
archlinux
[ASA-201906-5] pam-u2f: information disclosure
2019-06-07 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2019:1750-1)
2021-06-09 00:00:00
nessus
nessus
SUSE SLED15 / SLES15 Security Update : libu2f-host, pam_u2f (SUSE-SU-2019:1750-1)
2019-07-05 00:00:00
openSUSE Security Update : libu2f-host / pam_u2f (openSUSE-2019-1708)
2019-07-22 00:00:00
openSUSE Security Update : libu2f-host / pam_u2f (openSUSE-2019-1725)
2019-07-22 00:00:00
suse
suse
Security update for libu2f-host, pam_u2f (moderate)
2019-07-19 00:00:00
Security update for libu2f-host, pam_u2f (moderate)
2019-07-19 00:00:00
osv
osv
pam_u2f-1.1.1-1.3 on GA media
2024-06-15 00:00:00