Published: 05/07/2006 Updated: 24/02/2020

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

The winbind plugin in pppd for ppp 2.4.4 and previous versions does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM authentication helper from dropping privileges.

Vulnerable Product	Search on Vulmon	Subscribe to Product
point-to-point protocol project point-to-point protocol

Marcus Meissner discovered that the winbind plugin of pppd does not check the result of the setuid() call On systems that configure PAM limits for the maximum number of user processes and enable the winbind plugin, a local attacker could exploit this to execute the winbind NTLM authentication helper as root Depending on the local winbind configur ...

Marcus Meissner discovered that the winbind plugin in pppd does not check whether a setuid() call has been successful when trying to drop privileges, which may fail with some PAM configurations The old stable distribution (woody) is not affected by this problem For the stable distribution (sarge) this problem has been fixed in version 243-20050 ...

NVD-CWE-Other http://www.ubuntu.com/usn/usn-310-1 http://www.securityfocus.com/bid/18849 http://www.debian.org/security/2006/dsa-1106 http://www.osvdb.org/26994 http://secunia.com/advisories/20963 http://secunia.com/advisories/20967 http://secunia.com/advisories/20996 http://secunia.com/advisories/20987 http://www.mandriva.com/security/advisories?name=MDKSA-2006:119 https://usn.ubuntu.com/310-1/https://nvd.nist.gov

CVE-2006-2194

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect