A file descriptor leak has been found in pam-u2f prior to 1.8.0. If the `debug` and `debug_file` options are set then the opened debug file will be inherited to the successfully authenticated user's process. Therefore this user can write further information to it, possibly filling up a privileged file system or manipulating the information found in the debug file. This can leak sensitive information and also, if written to, be used to fill the disk or plant misinformation.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
yubico pam-u2f 1.0.7 |