paul Posted July 15, 2006 Report Share Posted July 15, 2006 Marcus Meissner discovered that pppd's winbind plugin did not check for the result of the setuid() call which could allow an attacker to exploit this on systems with certain PAM limits enabled to execute the NTLM authentication helper as root. This could possibly lead to privilege escalation dependant upon the local winbind configuration. Updated packages have been patched ot correct this issue. Link to comment Share on other sites More sharing options...
Recommended Posts