CVE-2019-12210 - log

CVE-2019-12210 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Information disclosure
Description
+ A file descriptor leak has been found in pam-u2f before 1.8.0. If the `debug` and `debug_file` options are set, the opened debug file is inherited by the successfully authenticated user's process. This user can therefore write further information to it, possibly filling up a privileged file system or manipulating the information found in the debug file.
+ This can leak sensitive information and also, if written to, be used to fill the disk or plant misinformation.
References
+ https://seclists.org/oss-sec/2019/q2/149
+ https://github.com/Yubico/pam-u2f/commit/18b1914e32b74ff52000f10e97067e841e5fff62
Notes