Vulnerability Description
The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call. This might allow local users to gain privileges by causing setuid to fail, for example by exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM authentication helper from dropping privileges.
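The unchecked call described above, next to a fail-closed version, as an added example that is not code from ppp or its winbind plugin. The function names and the two stub setuid implementations are constructed for illustration; the stubs stand in for a setuid call that fails or silently does nothing.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Same signature as setuid(2); injected so the failure path can be exercised. */
typedef int (*setuid_fn)(uid_t);

/* Constructed stub: setuid() refusing the change, as when a process limit is hit. */
static int failing_setuid(uid_t uid) { (void)uid; errno = EAGAIN; return -1; }

/* Constructed stub: reports success but leaves the process identity unchanged. */
static int noop_setuid(uid_t uid) { (void)uid; return 0; }

/* Unchecked pattern: the result is discarded, so the caller carries on
 * with whatever identity it already had. */
static int drop_unchecked(uid_t uid, setuid_fn do_setuid)
{
    (void)do_setuid(uid);
    return 0;
}

/* Checked pattern: fail closed on error, then confirm the identity changed. */
static int drop_checked(uid_t uid, setuid_fn do_setuid)
{
    if (do_setuid(uid) != 0) {
        perror("setuid");
        return -1;
    }
    if (getuid() != uid || geteuid() != uid) {
        fprintf(stderr, "uid is still %ld after setuid\n", (long)getuid());
        return -1;
    }
    return 0;
}

int main(void)
{
    uid_t me = getuid();   /* dropping to our own uid works with or without root */
    printf("unchecked, failing setuid: %d\n", drop_unchecked(me, failing_setuid));
    printf("checked,   failing setuid: %d\n", drop_checked(me, failing_setuid));
    printf("checked,   silent no-op:   %d\n", drop_checked(me + 1, noop_setuid));
    printf("checked,   real setuid:    %d\n", drop_checked(me, setuid));
    return 0;
}
```

A caller that gets -1 from the checked version should exit before launching any helper, so nothing runs with the original privileges.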
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Point-To-Point Protocol Project | Point-To-Point Protocol | <= 2.4.4 |
References
- http://secunia.com/advisories/20963
- http://secunia.com/advisories/20967 (Patch, Vendor Advisory)
- http://secunia.com/advisories/20987 (Patch, Vendor Advisory)
- http://secunia.com/advisories/20996 (Patch, Vendor Advisory)
- http://www.debian.org/security/2006/dsa-1106 (Patch, Vendor Advisory)
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:119
- http://www.osvdb.org/26994
- http://www.securityfocus.com/bid/18849 (Patch)
- http://www.ubuntu.com/usn/usn-310-1
FAQ
What is CVE-2006-2194?
CVE-2006-2194 is a vulnerability with a CVSS score of 7.2 (HIGH). The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as e...
How severe is CVE-2006-2194?
CVE-2006-2194 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2194?
Check the references section above for vendor advisories and patch information. Affected products include: Point-To-Point Protocol Project Point-To-Point Protocol.