CVE-2016-20014 — Vulnetix

CVE-2016-20014 PUBLISHED

In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure.

EPSS 0.16% · 36.1th percentile

Risk Scores

EPSS Score

0.16%

36.1th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:18.04:LTS	libpam-tacplus	1.3.8-2+deb8u1build0.18.04.1, 0, 1.3.8-2
Ubuntu:22.04:LTS	libpam-tacplus	0, 1.3.8-2.1
Ubuntu:20.04:LTS	libpam-tacplus	1.3.8-2+deb8u1build0.20.04.1, 1.3.8-2, 0
Ubuntu:16.04:LTS	libpam-tacplus	0, 1.3.8-2, 1.3.8-2+deb8u1build0.16.04.1

Exploit Intelligence

https://github.com/kravietz/pam_tacplus/commit/e4c00eba70a0f72c4de77b5f072c69708ec2beab (circl)

Timeline

Apr 21, 2022 EPSS Score
Apr 21, 2022 CVE Published
Jun 10, 2022 EPSS Score
Jul 31, 2022 EPSS Score
Sep 19, 2022 EPSS Score
Nov 8, 2022 EPSS Score
Dec 28, 2022 EPSS Score
Feb 16, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 7, 2023 EPSS Score
May 27, 2023 EPSS Score
Jul 16, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2016-20014 third-party-advisory
https://github.com/kravietz/pam_tacplus/commit/e4c00eba70a0f72c4de77b5f072c69708ec2beab third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2016-20014 third-party-advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›