Juniper Junos SSH TACACS+ Incorrect Permissions (PSN-2012-04-545)
High Nessus Plugin ID 58874
SynopsisThe remote device may grant permissions incorrectly.
DescriptionAccording to its self-reported version number, the version of Junos running on the remote host may grant permissions incorrectly when SSH sessions are authenticated remotely using TACACS+ for authentication and authorization. Fetched authorizations are stored in a file whose name is based on process ID. On unclean exits of the SSH client, this file is not deleted, and therefore reused for future login sessions with the same process ID. This could result in authorizations being applied to the wrong user.
SolutionApply the relevant Junos upgrade referenced in Juniper advisory PSN-2012-04-545.