Lucene search
RootSSV:2692HistoryDec 26, 2007 - 12:00 a.m.
PPPD Winbind插件本地权限提升漏洞
2007-12-2600:00:00
Root
www.seebug.org
16
0.001 Low
EPSS
Percentile
25.6%
BUGTRAQ ID: 18849
CVE(CAN) ID: CVE-2006-2194
ppp(Paul’s PPP Package)是一个开放源码的软件包,用于在Linux和Solaris系统上实现点对点协议。
ppp对插件执行权限的控制上存在漏洞,本地攻击者可能利用此漏洞提升自己的权限。
pppd的winbind插件没有检查setuid()调用的结果。在对用户进程数配置了PAM限制且启用了winbind插件的系统上,本地攻击者可以利用这个漏洞以root权限执行winbind NTLM认证帮助程序,可能导致权限提升。
Ubuntu Linux 6.06 LTS powerpc
Ubuntu Linux 6.06 LTS i386
Ubuntu Linux 6.06 LTS amd64
Ubuntu Linux 5.10 powerpc
Ubuntu Linux 5.10 i386
Ubuntu Linux 5.10 amd64
Paul Mackerras PPPD 2.4.3
Paul Mackerras
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
<a href=“http://www.samba.org/ppp/index.html” target=“_blank”>http://www.samba.org/ppp/index.html</a>
Related
nessus
nessus
Mandrake Linux Security Advisory : ppp (MDKSA-2006:119)
2006-07-11 00:00:00
Ubuntu 5.10 / 6.06 LTS : ppp vulnerability (USN-310-1)
2007-11-10 00:00:00
Debian DSA-1106-1 : ppp - programming error
2006-10-14 00:00:00
debian
debian
[SECURITY] [DSA 1106-1] New ppp packages fix privilege escalation
2006-07-10 06:21:24
[SECURITY] [DSA 1150-1] New shadow packages fix privilege escalation
2006-08-12 16:50:24
securityvulns
securityvulns
[Full-disclosure] [USN-310-1] ppp vulnerability
2006-07-06 00:00:00
nvd
nvd
CVE-2006-2194
2006-07-05 18:05:00
debiancve
debiancve
CVE-2006-2194
2006-07-05 18:05:00
ubuntucve
ubuntucve
CVE-2006-2194
2006-07-05 00:00:00
cvelist
cvelist
CVE-2006-2194
2006-07-05 18:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-310-1)
2022-08-26 00:00:00
Debian Security Advisory DSA 1106-1 (ppp)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1106)
2008-01-17 00:00:00
ubuntu
ubuntu
ppp vulnerability
2006-07-06 00:00:00
cve
cve
CVE-2006-2194
2006-07-05 18:05:00
prion
prion
Authentication flaw
2006-07-05 18:05:00
redhatcve
redhatcve
CVE-2006-2194
2015-10-30 09:32:23