Gabriel Kihlman

2 exploits Active since Jun 2019

CVE-2019-12209 WRITEUP HIGH WRITEUP

Yubico pam-u2f 1.0.7 - Info Disclosure

Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is enabled in the PAM configuration, part of the file contents of a symlink target will be logged, possibly revealing sensitive information.

CVSS 7.5

View Code

CVE-2019-12210 WRITEUP HIGH WRITEUP

Yubico pam-u2f 1.0.7 - Use After Free

In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. This leads to the file descriptor being inherited into the child process; the child process can then read from and write to it. This can leak sensitive information and also, if written to, be used to fill the disk or plant misinformation.

CVSS 8.1

View Code