Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2019-12210 - log back

CVE-2019-12210 created at 25 Sep 2019 19:31:40

Severity

+

Medium

Remote

+

Local

Type

+	Information disclosure

Description

+	A file descriptor leak has been found in pam-u2f before 1.8.0. If the `debug` and `debug_file` options are set then the opened debug file will be inherited to the successfully authenticated user's process. Therefore this user can write further information to it, possibly filling up a privileged file system or manipulating the information found in the debug file.
+	This can leak sensitive information and also, if written to, be used to fill the disk or plant misinformation.

References

+	https://seclists.org/oss-sec/2019/q2/149
+	https://github.com/Yubico/pam-u2f/commit/18b1914e32b74ff52000f10e97067e841e5fff62

Notes