User: Password:
|
|
Subscribe / Log in / New account

rp-pppoe, pppoe: missing privilege dropping

Package(s):rp-pppoe, pppoe CVE #(s):CAN-2004-0564
Created:October 4, 2004 Updated:November 15, 2005
Description: Max Vozeler discovered a vulnerability in pppoe, the PPP over Ethernet driver from Roaring Penguin. When the program is running setuid root (which is not the case in a default Debian installation), an attacker could overwrite any file on the file system.
Alerts:
Fedora-Legacy FLSA:152794 rp-pppoe 2005-11-14
Mandrake MDKSA-2004:145 rp-pppoe 2004-12-06
Debian DSA-557-1 rp-pppoe 2004-10-04

(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds