This repository has been archived by the owner on Feb 28, 2024. It is now read-only.
kravietz published GHSA-rp3p-jm35-jv76 on Oct 28, 2020
Package
pam_tacplus
Affected versions
after v1.4.1, before v1.6.1
Patched versions
1.6.1
Description
Impact
A lack of error checking on the PRNG call might result in an uninitialised session identifier being used for TACACS+ packet obfuscation, if built with OpenSSL. The issue was discovered by @gollub and fixed by @deastoe.
Patches
Fixed in PR#163. The library will now abort any operation in case of PRNG failure.
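The failure mode and the fix pattern described above, as an added example that is not pam_tacplus code. `rand_fn` follows the return convention of OpenSSL's `RAND_bytes()` (1 on success, 0 or -1 on failure); `rng_ok`, `rng_fail`, the `stale` parameter and both `session_id_*` functions are hypothetical names used for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same return contract as OpenSSL RAND_bytes(): 1 = success, 0 or -1 = failure. */
typedef int (*rand_fn)(unsigned char *buf, int num);

/* Constructed stand-ins for a healthy and a failing PRNG (not OpenSSL itself). */
static int rng_ok(unsigned char *buf, int num)
{
    memset(buf, 0xA5, (size_t)num);   /* fixed pattern so the result is checkable */
    return 1;
}

static int rng_fail(unsigned char *buf, int num)
{
    (void)buf; (void)num;             /* buffer is left untouched on failure */
    return 0;
}

/* Unchecked pattern: the return value is dropped, so on failure the caller
 * gets whatever was already in memory. `stale` models those leftover bytes
 * deterministically instead of reading a truly uninitialised variable. */
static uint32_t session_id_unchecked(rand_fn rng, uint32_t stale)
{
    uint32_t id = stale;
    rng((unsigned char *)&id, (int)sizeof id);
    return id;
}

/* Checked pattern: anything other than 1 aborts and *out is never written. */
static int session_id_checked(rand_fn rng, uint32_t *out)
{
    uint32_t id;
    if (rng((unsigned char *)&id, (int)sizeof id) != 1)
        return -1;
    *out = id;
    return 0;
}

int main(void)
{
    uint32_t id = 0;
    printf("unchecked, PRNG fails: id=0x%08x (stale bytes)\n",
           (unsigned)session_id_unchecked(rng_fail, 0x11223344u));
    printf("checked,   PRNG fails: rc=%d\n", session_id_checked(rng_fail, &id));
    int rc = session_id_checked(rng_ok, &id);
    printf("checked,   PRNG ok:    rc=%d id=0x%08x\n", rc, (unsigned)id);
    return 0;
}
```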
Workarounds
This risk would only materialize under exceptional conditions.
References
PR#163
For more information
If you have any questions or comments about this advisory: