4 matches found
CVE-2006-2194
The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM...
[SECURITY] [DSA 1150-1] New shadow packages fix privilege escalation
-------------------------------------------------------------------------- Debian Security Advisory DSA 1150-1 [email protected] http://www.debian.org/security/ Martin Schulze August 12th, 2006 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1106-1] New ppp packages fix privilege escalation
-------------------------------------------------------------------------- Debian Security Advisory DSA 1106-1 [email protected] http://www.debian.org/security/ Martin Schulze July 10th, 2006 http://www.debian.org/security/faq -...
CVE-2006-2194
CVE-2006-2194 affects the winbind plugin in pppd (PPP, v2.4.4 and earlier). The code does not verify the success of setuid() when dropping privileges, which can fail under PAM limits and allow a local attacker to run the winbind NTLM authentication helper with elevated privileges. Impact is local...