Max Vozeler discovered a vulnerability in pppoe, the PPP over Ethernet driver from Roaring Penguin. When the program is running setuid root (which is not the case in a default Debian installation), an attacker could overwrite any file on the file system. For the stable distribution (woody) this problem has been fixed in version 3.3-1.2. For the unstable distribution (sid) this problem has been fixed in version 3.5-4. We recommend that you upgrade your pppoe package.
Max Vozeler discovered a vulnerability in pppoe, the PPP over Ethernet driver from Roaring Penguin. When the program is running setuid root (which is not the case in a default Debian installation), an attacker could overwrite any file on the file system.
For the stable distribution (woody) this problem has been fixed in version 3.3-1.2.
For the unstable distribution (sid) this problem has been fixed in version 3.5-4.
We recommend that you upgrade your pppoe package.
MD5 checksums of the listed files are available in the original advisory.