Advisories MDKSA-2006:119: Updated ppp packages fix plugin vulnerability

[paul]

Marcus Meissner discovered that pppd's winbind plugin did not check for

the result of the setuid() call which could allow an attacker to

exploit this on systems with certain PAM limits enabled to execute the

NTLM authentication helper as root. This could possibly lead to

privilege escalation dependant upon the local winbind configuration.

 

Updated packages have been patched ot correct this issue.