User: Password:
Subscribe / Log in / New account

Ubuntu alert USN-310-1 (ppp)

From:  Martin Pitt <>
Subject:  [USN-310-1] ppp vulnerability
Date:  Thu, 6 Jul 2006 00:29:42 +0200

=========================================================== Ubuntu Security Notice USN-310-1 July 05, 2006 ppp vulnerability CVE-2006-2194 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.10: ppp 2.4.3-20050321+2ubuntu1.1 ppp-dev 2.4.3-20050321+2ubuntu1.1 ppp-udeb 2.4.3-20050321+2ubuntu1.1 Ubuntu 6.06 LTS: ppp 2.4.4b1-1ubuntu3.1 ppp-dev 2.4.4b1-1ubuntu3.1 ppp-udeb 2.4.4b1-1ubuntu3.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Marcus Meissner discovered that the winbind plugin of pppd does not check the result of the setuid() call. On systems that configure PAM limits for the maximum number of user processes and enable the winbind plugin, a local attacker could exploit this to execute the winbind NTLM authentication helper as root. Depending on the local winbind configuration, this could potentially lead to privilege escalation. Updated packages for Ubuntu 5.10: Source archives: Size/MD5: 84735 b936bb967b2bf26bb8e894b52b56f567 Size/MD5: 639 6fa315e3b2b44a005b1884f8e1d84838 Size/MD5: 697459 0537b03fb51cbb847290abdbb765cb93 Architecture independent packages: Size/MD5: 33168 6a580e1ea142bee104cddd5593ee5bc5 amd64 architecture (Athlon64, Opteron, EM64T Xeon) Size/MD5: 112486 498b0a9fea2370c8f0419ef14016d499 Size/MD5: 349850 35c4edac3178de4ed6ee4a623b97e8bc i386 architecture (x86 compatible Intel/AMD) Size/MD5: 97874 5d1663cab583200aa383f63756166351 Size/MD5: 321080 134ca18479227697f4dc4d4276126141 powerpc architecture (Apple Macintosh G3/G4/G5) Size/MD5: 108914 6bcb2e66fb0473fe915239f472b3fa9c Size/MD5: 353924 5d79faafa8d39f06bbe73783cfb23db1 sparc architecture (Sun SPARC/UltraSPARC) Size/MD5: 104752 fc65ef96139e0bd2979f66242f6dfe77 Size/MD5: 330712 040cf743a30e66034a10b8b66f6a30d1 Updated packages for Ubuntu 6.06 LTS: Source archives: Size/MD5: 95380 960ab46e30e78b50eb793e6f00be5823 Size/MD5: 629 8a2a372fa53360752970fbd3340cc419 Size/MD5: 688912 7b08b62bcf99f1c7818fc5a622293f4c Architecture independent packages: Size/MD5: 46294 3f2cc28495b02b0976d347bdff4e5a45 amd64 architecture (Athlon64, Opteron, EM64T Xeon) Size/MD5: 112360 7e5d4ead7131dc1b1dfb317e69356c2e Size/MD5: 351104 bd3155b620f2b9c4788633c84cfcb0d1 i386 architecture (x86 compatible Intel/AMD) Size/MD5: 97278 a1635198ecb4b5ece2a3bdd147aa15bf Size/MD5: 321536 a7c6a20067db8e81d8f6115f7d8d6fda powerpc architecture (Apple Macintosh G3/G4/G5) Size/MD5: 108676 4d0ea9a15f26f072579649a63b9a7d9b Size/MD5: 355236 be6f4d51fb7e7ababa47bdfded4c3017 sparc architecture (Sun SPARC/UltraSPARC) Size/MD5: 105096 5b63ea053b50bdfd166366e35a5dde1c Size/MD5: 330520 5aff30484a738f2697086c184da2eb31 -- ubuntu-security-announce mailing list

(Log in to post comments)

Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds