First published: Thu Apr 21 2022(Updated: )
In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Pam Tacplus Project Pam Tacplus | <1.4.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2016-20014.
CVE-2016-20014 has a severity rating of critical (9.8).
The affected software for CVE-2016-20014 is Pam Tacplus (version up to and excluding 1.4.1).
CVE-2016-20014 is a vulnerability in pam_tacplus before 1.4.1, where pam_sm_acct_mgmt does not zero out the arep data structure.
To fix CVE-2016-20014, update Pam Tacplus to version 1.4.1 or later.