Description
In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. This leads to the file descriptor being inherited into the child process; the child process can then read from and write to it. This can leak sensitive information and also, if written to, be used to fill the disk or plant misinformation.
References (5)
Core 5
Core References
Release Notes, Vendor Advisory x_refsource_confirm
https://developers.yubico.com/pam-u2f/Release_Notes.html
Patch, Third Party Advisory x_refsource_confirm
https://github.com/Yubico/pam-u2f/commit/18b1914e32b74ff52000f10e97067e841e5fff62
Exploit, Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2019/06/05/1
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00012.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00018.html
Scores
CVSS v3
8.1
EPSS
0.0040
EPSS Percentile
60.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Details
Status
published
Products (1)
yubico/pam-u2f
1.0.7
Published
Jun 04, 2019
Tracked Since
Feb 18, 2026