aru Posted July 11, 2006 Report Share Posted July 11, 2006 Mandriva Advisories MDKSA-2006:119 : ppp Updated ppp packages fix plugin vulnerability July 10th, 2006 Marcus Meissner discovered that pppd's winbind plugin did not check for the result of the setuid() call which could allow an attacker to exploit this on systems with certain PAM limits enabled to execute the NTLM authentication helper as root.This could possibly lead to privilege escalation dependant upon the local winbind configuration. Updated packages have been patched ot correct this issue. The released versions of Mandriva GNU/Linux affected are: 2006.0Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2006:119 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2194 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 1.3 2006/07/02 09:40:56 aru Exp $) Link to comment Share on other sites More sharing options...
Recommended Posts