Intrusion Prevention

FreeBSD.Xtacacsd.Username.Buffer.Overflow

Description

This indicates an attempt to exploit a buffer overflow vulnerability in Xtacacsd running under freebsd.
The vulnerability is caused by a input parameter check error in the report function. It allows a remote attacker to execute arbitray code on a victim system by sending an excessively long username parameter.

Affected Products

XTACACSD version 4.1.2 and prior.

Impact

System compromise: remote code execution.

Recommended Actions

Currently we are not aware of any vendor supplied patch for this issue.