Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.1
CVSSv2

CVE-2004-0564

Published: 23/12/2004 Updated: 11/07/2017
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
Subscribe to Pppoe

Vulnerability Summary

Roaring Penguin pppoe (rp-ppoe), if installed or configured to run setuid root contrary to its design, allows local users to overwrite arbitrary files. NOTE: the developer has publicly disputed the claim that this is a vulnerability because pppoe "is NOT designed to run setuid-root." Therefore this identifier applies *only* to those configurations and installations under which pppoe is run setuid root despite the developer's warnings.

Vulnerable Product Search on Vulmon Subscribe to Product

roaring penguin pppoe 3.0

roaring penguin pppoe 3.3

roaring penguin pppoe 3.5

debian debian linux 3.0

Vendor Advisories

Debian CVElist Bug Report Logs: [CVE-2004-0564] attackers can overwrite any files when run with setuid root
Debian Bug report logs - #343264 [CVE-2004-0564] attackers can overwrite any files when run with setuid root Package: pppoe; Maintainer for pppoe is Andreas Barth <aba@notsoarghorg>; Source for pppoe is src:rp-pppoe (PTS, buildd, popcon) Reported by: FX <gentoo@sbcglobalnet> Date: Wed, 14 Dec 2005 01:33:02 UTC S ...
Debian Security Advisories: DSA-557-1 rp-pppoe -- missing privilege dropping
Max Vozeler discovered a vulnerability in pppoe, the PPP over Ethernet driver from Roaring Penguin When the program is running setuid root (which is not the case in a default Debian installation), an attacker could overwrite any file on the file system For the stable distribution (woody) this problem has been fixed in version 33-12 For the uns ...

References

NVD-CWE-Otherhttp://www.debian.org/security/2004/dsa-557http://www.securityfocus.com/bid/11315http://www.fedoralegacy.org/updates/FC1/2005-11-14-FLSA_2005_152794__Updated_rp_pppoe_package_fixes_security_issue.htmlhttp://marc.info/?l=bugtraq&m=110247119200510&w=2http://marc.info/?l=bugtraq&m=110253341209450&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/17576https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=343264https://nvd.nist.govhttps://www.debian.org/security/./dsa-557
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120CVE-2024-35921CVE-2024-35874brute forceCVE-2024-36080unprivilegedCVE-2024-35917IDORCVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook