A file descriptor leak has been found in pam-u2f before 1.8.0. If the `debug` and `debug_file` options are set then the opened debug file will be inherited to the successfully authenticated user's process. Therefore this user can write further information to it, possibly filling up a privileged file system or manipulating the information found in the debug file. This can leak sensitive information and also, if written to, be used to fill the disk or plant misinformation.
A file descriptor leak has been found in pam-u2f before 1.8.0. If the `debug` and `debug_file` options are set then the opened debug file will be inherited to the successfully authenticated user's process. Therefore this user can write further information to it, possibly filling up a privileged file system or manipulating the information found in the debug file. This can leak sensitive information and also, if written to, be used to fill the disk or plant misinformation.
https://seclists.org/oss-sec/2019/q2/149 https://github.com/Yubico/pam-u2f/commit/18b1914e32b74ff52000f10e97067e841e5fff62
Vulmon