The KDE team fixed a bug in kppp in 2002 which was now discovered to be exploitable by iDEFENSE. By opening a sufficiently large number of file descriptors before executing kppp which is installed setuid root a local attacker is able to take over privileged file descriptors. For the stable distribution (woody) this problem has been fixed in version 2.2.2-14.7. The testing (sarge) and unstable (sid) distributions are not affected since KDE 3.2 already contained the correction. We recommend that you upgrade your kppp package.
The KDE team fixed a bug in kppp in 2002 which was now discovered to be exploitable by iDEFENSE. By opening a sufficiently large number of file descriptors before executing kppp which is installed setuid root a local attacker is able to take over privileged file descriptors.
For the stable distribution (woody) this problem has been fixed in version 2.2.2-14.7.
The testing (sarge) and unstable (sid) distributions are not affected since KDE 3.2 already contained the correction.
We recommend that you upgrade your kppp package.
MD5 checksums of the listed files are available in the original advisory.