Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2006-2194HistoryJul 05, 2006 - 6:05 p.m.
CVE-2006-2194
2006-07-0518:05:00
Debian Security Bug Tracker
security-tracker.debian.org
11
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
25.6%
The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM authentication helper from dropping privileges.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | ppp | < 2.4.4rel-1 | ppp_2.4.4rel-1_all.deb |
| Debian | 11 | all | ppp | < 2.4.4rel-1 | ppp_2.4.4rel-1_all.deb |
| Debian | 999 | all | ppp | < 2.4.4rel-1 | ppp_2.4.4rel-1_all.deb |
| Debian | 13 | all | ppp | < 2.4.4rel-1 | ppp_2.4.4rel-1_all.deb |
Related
nessus
nessus
Mandrake Linux Security Advisory : ppp (MDKSA-2006:119)
2006-07-11 00:00:00
Ubuntu 5.10 / 6.06 LTS : ppp vulnerability (USN-310-1)
2007-11-10 00:00:00
Debian DSA-1106-1 : ppp - programming error
2006-10-14 00:00:00
debian
debian
[SECURITY] [DSA 1106-1] New ppp packages fix privilege escalation
2006-07-10 06:21:24
[SECURITY] [DSA 1150-1] New shadow packages fix privilege escalation
2006-08-12 16:50:24
securityvulns
securityvulns
[Full-disclosure] [USN-310-1] ppp vulnerability
2006-07-06 00:00:00
nvd
nvd
CVE-2006-2194
2006-07-05 18:05:00
ubuntucve
ubuntucve
CVE-2006-2194
2006-07-05 00:00:00
cvelist
cvelist
CVE-2006-2194
2006-07-05 18:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-310-1)
2022-08-26 00:00:00
Debian Security Advisory DSA 1106-1 (ppp)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1106)
2008-01-17 00:00:00
ubuntu
ubuntu
ppp vulnerability
2006-07-06 00:00:00
cve
cve
CVE-2006-2194
2006-07-05 18:05:00
prion
prion
Authentication flaw
2006-07-05 18:05:00
redhatcve
redhatcve
CVE-2006-2194
2015-10-30 09:32:23
seebug
seebug
PPPD Winbind插件本地权限提升漏洞
2007-12-26 00:00:00
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
25.6%
Related for DEBIANCVE:CVE-2006-2194