Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2194

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2006-2194
Last Modified 02 Apr 2010 03:43:46
Published 05 Jul 2006 02:05:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-2194

Summary

The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM authentication helper from dropping privileges.

Vulnerable Systems

Application

  • Samba Ppp 2.4.4


References

BID - 18849

DEBIAN - DSA-1106

SECUNIA - 20996

SECUNIA - 20987

SECUNIA - 20967

UBUNTU - USN-310-1

OSVDB - 26994

SECUNIA - 20963

MANDRIVA - MDKSA-2006:119


Last Updated: 27 May 2016 10:42:22