In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Pam_tacplus | Pam_tacplus_project | * | 1.4.1 (excluding) |
| Libpam-tacplus | Ubuntu | bionic | * |
| Libpam-tacplus | Ubuntu | focal | * |
| Libpam-tacplus | Ubuntu | impish | * |
| Libpam-tacplus | Ubuntu | kinetic | * |
| Libpam-tacplus | Ubuntu | lunar | * |
| Libpam-tacplus | Ubuntu | mantic | * |
| Libpam-tacplus | Ubuntu | trusty | * |
| Libpam-tacplus | Ubuntu | xenial | * |