Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-48982— pam_usb: Missing O_EXCL on pad temp file creation allows concurrent update race

CVSS 5.8 · Medium EPSS 0.09% · P0

Affected Version Matrix 1

VendorProductVersion RangeStatus
mcdopepam_usb< 0.9.2affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-48982

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
pam_usb: Missing O_EXCL on pad temp file creation allows concurrent update race
Source: NVD (National Vulnerability Database)
Vulnerability Description
pam_usb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, when updating a one-time pad file, a temporary file is created using open() without the O_EXCL flag. Without O_EXCL, the create operation is not atomic: two concurrent processes racing to update the same pad may both succeed in opening the file, with the second write silently overwriting the first. The one-time pad is the core replay-prevention mechanism of pam_usb. A successful race could result in the stored pad value diverging from what either process expected, potentially causing authentication failures or, in a precisely timed attack, creating a window for pad reuse. This issue has been fixed in version 0.9.2.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用共享资源的并发执行不恰当同步问题(竞争条件)
Source: NVD (National Vulnerability Database)
Vulnerability Title
McDope pam_usb 竞争条件问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
mcdope pam_usb是mcdope的认证模块。 McDope pam_usb 0.9.2之前版本存在竞争条件问题漏洞,该漏洞源于更新一次性密码本文件时使用open()函数未设置O_EXCL标志,导致竞争条件,可能造成身份验证失败或密码本重用。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
mcdopepam_usb < 0.9.2 -

II. Public POCs for CVE-2026-48982

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-48982

登录查看更多情报信息。

Patches & Fixes for CVE-2026-48982 (1)

Vendor Advisories for CVE-2026-48982 (1)

Same Patch Batch · mcdope · 2026-06-18 · 7 CVEs total

CVE-2026-489816.7 MEDIUMpam_usb: xmlReadFile flags=0 permits XXE network entity fetching in conf.c
CVE-2026-489806.3 MEDIUMpam_usb: getenv() used in PAM context allows environment variable injection into local-che
CVE-2026-489835.8 MEDIUMpam_usb: TOCTOU race condition in pad directory creation allows symlink substitution
CVE-2026-489855.5 MEDIUMpam_usb: NULL Dereference Crash in pusb_is_loginctl_local when loginctl Returns Empty Remo
CVE-2026-489844.7 MEDIUMpam_usb: xfree() does not call explicit_bzero — sensitive cryptographic material may linge
CVE-2026-489864.7 MEDIUMpam_usb: Infinite loop DoS in process-tree walk when parent process exits during authentic

IV. Related Vulnerabilities

V. Comments for CVE-2026-48982

No comments yet


Leave a comment