PT-2002-1296 · Cisco · Tac Plus
Publicado
2002-05-03
·
Atualizado
2008-09-05
·
CVE-2002-0225
CVSS v2.0
4.6
Média
| Vetor | AV:L/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
tac plus versions F4.0.4.alpha
Description
The issue concerns the Tacacs+ daemon, which creates files from the accounting directive with world-readable and writable permissions. This allows local users to access and modify sensitive files.
Recommendations
For version F4.0.4.alpha, consider changing the file permissions to restrict access to sensitive files until a patch is available. As a temporary workaround, restrict write access to the files created by the accounting directive to minimize the risk of exploitation.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Tac Plus