pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, a crafted UUID such as $(id>/tmp/rce) in the config causes ro…

A critical vulnerability in pam_usb prior to version 0.8.7 allows remote code execution as root through command injection. The vulnerability affects the hardware authentication system for Linux that uses removable USB media. Attackers can exploit crafted UUID values in configuration files or XML userName parameters that are passed to os.system() calls. The vulnerability can be triggered through the pamusb-conf --reset-pads command or during USB device addition. This represents a serious privilege escalation risk as it can lead to root-level compromise. The issue has been patched in version 0.8.7.