Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0564

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2004-0564
Last Modified 05 Sep 2008 04:38:45
Published 23 Dec 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-0564

Summary

Roaring Penguin pppoe (rp-ppoe), if installed or configured to run setuid root contrary to its design, allows local users to overwrite arbitrary files. NOTE: the developer has publicly disputed the claim that this is a vulnerability because pppoe "is NOT designed to run setuid-root." Therefore this identifier applies *only* to those configurations and installations under which pppoe is run setuid root despite the developer's warnings.

Vulnerable Systems

Operating System

  • Debian Linux 3.0

Application

  • Roaring Penguin Pppoe 3.0

  • Roaring Penguin Pppoe 3.3

  • Roaring Penguin Pppoe 3.5


References

XF - pppoe-file-overwrite(17576)

BID - 11315

DEBIAN - DSA-557

MANDRAKE - MDKSA-2004:145

FEDORA - FLSA:152794

BUGTRAQ - 20041208 Re: MDKSA-2004:145 - Updated rp-pppoe packages fix vulnerability


Last Updated: 27 May 2016 10:38:39