Candidate: CVE-2013-7322
PublicDate: 2014-03-09 13:16:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7322
 http://lists.nongnu.org/archive/html/oath-toolkit-help/2013-12/txtUm85v7Wqcy.txt
Description:
 usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly
 handle lines containing an invalid one-time-password (OTP) type and a
 user name in /etc/users.oath, which causes the wrong line to be updated
 when invalidating an OTP and allows context-dependent attackers to
 conduct replay attacks, as demonstrated by a commented out line when
 using libpam-oath.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_oath-toolkit:
upstream_oath-toolkit: released (2.4.1-1)
lucid_oath-toolkit: DNE
precise_oath-toolkit: ignored (reached end-of-life)
precise/esm_oath-toolkit: DNE (precise was needs-triage)
quantal_oath-toolkit: ignored (reached end-of-life)
saucy_oath-toolkit: ignored (reached end-of-life)
trusty_oath-toolkit: ignored (reached end-of-life)
trusty/esm_oath-toolkit: DNE (trusty was needed)
utopic_oath-toolkit: ignored (reached end-of-life)
vivid_oath-toolkit: ignored (reached end-of-life)
vivid/stable-phone-overlay_oath-toolkit: DNE
vivid/ubuntu-core_oath-toolkit: DNE
wily_oath-toolkit: ignored (reached end-of-life)
xenial_oath-toolkit: not-affected (2.6.1-1)
yakkety_oath-toolkit: ignored (reached end-of-life)
zesty_oath-toolkit: ignored (reached end-of-life)
artful_oath-toolkit: ignored (reached end-of-life)
bionic_oath-toolkit: not-affected (2.6.1-1)
cosmic_oath-toolkit: not-affected (2.6.1-1.2ubuntu0.18.10.1)
disco_oath-toolkit: not-affected (2.6.1-1.2ubuntu0.18.10.1)
devel_oath-toolkit: not-affected (2.6.1-1.2ubuntu0.18.10.1)