First published: Wed Apr 04 2018
In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure (serial number of a device) and/or DoS (reaching the maximum number of file descriptors).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Yubico Yubico Pam | >=2.18, <=2.25 | |
The vulnerability ID is CVE-2018-9275.
The severity rating for CVE-2018-9275 is high (8.2).
The affected software is Yubico Pam version 2.18 through 2.25.
This vulnerability can lead to information disclosure (serial number of a device) and/or Denial of Service (DoS) by reaching the maximum number of file descriptors.
Fixes for this vulnerability are available. Please refer to the provided references for more information.
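The descriptor leak described above, as an added illustration (not pam_yubico's source and not the upstream fix): a lookup that returns on a match without closing the mapping file, next to a single-exit version, with a helper that measures descriptor growth over repeated successful lookups. The function names, the `user:id` file layout and the sample entries are assumptions constructed for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* Illustrative leak: the match path returns while the file is still open. */
static int lookup_leaky(const char *path, const char *want) {
    char line[128];
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    while (fgets(line, sizeof line, f)) {
        line[strcspn(line, "\n")] = '\0';
        if (strcmp(line, want) == 0) return 1; /* descriptor leaked on success */
    }
    fclose(f); /* only reached when no entry matched */
    return 0;
}
/* Corrected shape: single exit, so the file is closed on every path. */
static int lookup_fixed(const char *path, const char *want) {
    char line[128]; int found = 0;
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    while (!found && fgets(line, sizeof line, f)) {
        line[strcspn(line, "\n")] = '\0';
        found = strcmp(line, want) == 0;
    }
    fclose(f);
    return found;
}
static int open_fds(void) { /* count open descriptors in the range 0..1023 */
    int n = 0;
    for (int fd = 0; fd < 1024; fd++) n += fcntl(fd, F_GETFD) != -1;
    return n;
}
/* Run `logins` successful lookups on a constructed file; return descriptor growth. */
static int fds_leaked(int (*fn)(const char *, const char *), int logins) {
    char path[] = "/tmp/authmapXXXXXX";
    FILE *f = fdopen(mkstemp(path), "w");
    if (!f) return -1;
    fputs("alice:cccccctestid\nbob:ccccccother\n", f); /* constructed sample entries */
    fclose(f);
    int before = open_fds();
    for (int i = 0; i < logins; i++) fn(path, "bob:ccccccother");
    unlink(path);
    return open_fds() - before;
}
int main(void) {
    printf("leaky: %d fixed: %d\n", fds_leaked(lookup_leaky, 5), fds_leaked(lookup_fixed, 5));
}
```

In a long-running process each successful lookup through the leaky version keeps one more descriptor open on the mapping file, which is how both stated impacts arise: the open handle stays readable inside the process, and the per-process descriptor limit is eventually reached.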