MITRE responded:
> Thank you for contacting us. The oss-security thread says:
>
> The discussed behavior completely depends on the PAM configuration
> (which, in most cases, needs to be enabled by the user). If this is
> considered an issue, then it cannot be resolved within fprintd (and
This seems to be a system administration and configuration problem rather
than a built-in issue.
On Fri, Jun 14, 2024 at 09:52 Yaron Shahrabani wrote:
> Thank you all for your response and care.
>
> I would like to point out that although I managed to demonstrate this
> vulnerability with a
Thank you all for your response and care.
I would like to point out that although I managed to demonstrate this
vulnerability with a virtual terminal in a graphical interface, it also
applies to TTY, so even if I don't have any graphical interface I can still
exploit this vulnerability.
Adding a
At Marco's request, I am asking MITRE to either revoke CVE-2024-37408 or for
MITRE to transfer CVE ownership to Canonical's CNA for revocation.
On Thu, Jun 13, 2024 at 06:40:51PM +0200, Marco Trevisan wrote:
> Hi Yaron,
>
> Thanks for taking time to look into this issue.
>
> We appreciate the
Hi Yaron,
Thanks for taking time to look into this issue.
We appreciate the analysis you did, although, as we already shared
privately, we don't think that this is a fprintd issue but rather an
architectural issue of how PAM modules interact with sudo that, by
design, does not permit an
Hi everyone, I'm writing to this mailing list since I've already
shared the details with Benjamin Berg and Marco Trevisan privately,
and we have yet to conclude about this vulnerability.
This information was also disclosed to the fprintd mailing list: