PT-2002-1296 · Cisco · Tac Plus

Published: 2002-05-03 · Updated: 2008-09-05 · CVE-2002-0225

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

tac plus version F4.0.4.alpha

Description

The TACACS+ daemon creates the files named by the accounting directive with world-readable and world-writable permissions. This allows local users to access and modify sensitive files.

Recommendations

For version F4.0.4.alpha, consider changing the file permissions to restrict access to sensitive files until a patch is available. As a temporary workaround, restrict write access to the files created by the accounting directive to minimize the risk of exploitation.
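
One way to apply the workaround above, as an added example that is not part of the original advisory or of the tac plus project: shell functions that read the `accounting file = <path>` lines from a configuration file, report any accounting file that other users can read or write, and optionally set it to mode 0600. The configuration path is supplied by the caller and is an assumption, as are the function names.

```shell
#!/bin/sh
# Added example: audit the files named by tac_plus "accounting file" directives.
# Assumption: the caller supplies the configuration path; the advisory names none.
# Usage: audit_acct /path/to/config [--fix]

# Print each path set by a line of the form: accounting file = <path>
acct_files() {
    sed -n 's/^[[:space:]]*accounting[[:space:]]\{1,\}file[[:space:]]*=[[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/'
}

# Octal permission bits of a file (GNU stat first, BSD stat as fallback)
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeeds when "other" has read (4) or write (2) access
is_world_rw() {
    mode=$(file_mode "$1") || return 1
    other=${mode#"${mode%?}"}    # last octal digit
    case $other in
        2|3|4|5|6|7) return 0 ;;
        *) return 1 ;;
    esac
}

# List exposed accounting files; with --fix, set each one to 0600.
# Returns 1 if any exposed file was found, 0 otherwise.
audit_acct() {
    found=0
    while IFS= read -r f; do
        [ -f "$f" ] || continue
        if is_world_rw "$f"; then
            found=1
            echo "EXPOSED $(file_mode "$f") $f"
            if [ "${2:-}" = "--fix" ]; then
                chmod 600 "$f" && echo "FIXED   $(file_mode "$f") $f"
            fi
        fi
    done <<EOF
$(acct_files "$1")
EOF
    return "$found"
}
```

Because the daemon creates these files itself, a file that is removed or rotated and then recreated should be checked again.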

Related Identifiers

CVE-2002-0225

Affected Products

Tac Plus