Vulnerabilities > CVE-2016-20014 - Unspecified vulnerability in PAM Tacplus Project PAM Tacplus 1.3.8/1.3.9

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
pam-tacplus-project

Summary

In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure.

Vulnerable Configurations

Part Description Count
Application
Pam_Tacplus_Project
2