PT-2019-2641 · Yubico · Pam-U2F
Matthias Gerstner · Published 2019-06-04 · Updated 2024-06-15
CVE-2019-12210
CVSS v2.0: 8.5 (High)
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:N |
Name of the Vulnerable Software and Affected Versions
Yubico pam-u2f version 1.0.7
Description
The issue lies in the handling of a custom debug log file when the debug option is enabled. Specifically, the file descriptor for this log file is not marked close-on-exec (nor closed) before a new process is spawned, so the child process inherits the descriptor and can read from or write to the file. This can lead to sensitive information leakage and may allow an attacker to fill the disk or plant misinformation by writing to the file. The vulnerability is associated with a lack of protection for service data, which can be exploited by a remote attacker to impact the confidentiality and integrity of protected information.
Recommendations
For Yubico pam-u2f version 1.0.7, consider disabling the debug option or restricting access to the custom debug log file to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the debug file option to prevent potential information leakage and misuse.
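As an added illustration of the descriptor-inheritance problem described above and of the standard mitigation (this is example code, not pam-u2f's own), the C program below compares a debug log opened with plain fopen(), whose descriptor survives exec, with one opened using O_CLOEXEC, and shows how to retrofit FD_CLOEXEC on an already-open stream; the helper names and the log path are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Returns 1 if fd is close-on-exec, 0 if it would be inherited, -1 on error. */
int fd_is_cloexec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0) return -1;
    return (flags & FD_CLOEXEC) ? 1 : 0;
}

/* Weak pattern: fopen() leaves the descriptor inheritable by spawned processes. */
FILE *open_debug_log_weak(const char *path) {
    return fopen(path, "a");
}

/* Hardened pattern: O_CLOEXEC marks the descriptor close-on-exec at open time. */
FILE *open_debug_log_cloexec(const char *path) {
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0600);
    if (fd < 0) return NULL;
    FILE *fp = fdopen(fd, "a");
    if (!fp) close(fd);
    return fp;
}

/* Retrofit for code that must keep fopen(): set FD_CLOEXEC on the live stream. */
int set_cloexec(FILE *fp) {
    int fd = fileno(fp);
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0) return -1;
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/* Opens the log with the chosen pattern (optionally retrofitting FD_CLOEXEC),
 * reports the close-on-exec state, and closes it again. */
int cloexec_state(const char *path, int hardened, int retrofit) {
    FILE *fp = hardened ? open_debug_log_cloexec(path) : open_debug_log_weak(path);
    if (!fp) return -1;
    if (retrofit && set_cloexec(fp) < 0) { fclose(fp); return -1; }
    int state = fd_is_cloexec(fileno(fp));
    fclose(fp);
    return state;
}

int main(void) {
    const char *path = "/tmp/pam_u2f_debug_example.log"; /* constructed sample path */
    printf("fopen():            cloexec=%d\n", cloexec_state(path, 0, 0));
    printf("open(O_CLOEXEC):    cloexec=%d\n", cloexec_state(path, 1, 0));
    printf("fopen()+FD_CLOEXEC: cloexec=%d\n", cloexec_state(path, 0, 1));
    unlink(path);
    return 0;
}
```

Only a descriptor reported as cloexec=1 is closed automatically when the module spawns a helper; the plain fopen() case is the one the advisory describes.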
Information Disclosure
Affected Products
Suse
Pam-U2F