CVE-2006-2194
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
05/07/2006
Last modified:
03/04/2025
Description
The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM authentication helper from dropping privileges.
Impact
Base Score 2.0
7.20
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:point-to-point_protocol_project:point-to-point_protocol:*:*:*:*:*:*:*:* | 2.4.4 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/20963
- http://secunia.com/advisories/20967
- http://secunia.com/advisories/20987
- http://secunia.com/advisories/20996
- http://www.debian.org/security/2006/dsa-1106
- http://www.mandriva.com/security/advisories?name=MDKSA-2006%3A119
- http://www.osvdb.org/26994
- http://www.securityfocus.com/bid/18849
- http://www.ubuntu.com/usn/usn-310-1
- http://secunia.com/advisories/20963
- http://secunia.com/advisories/20967
- http://secunia.com/advisories/20987
- http://secunia.com/advisories/20996
- http://www.debian.org/security/2006/dsa-1106
- http://www.mandriva.com/security/advisories?name=MDKSA-2006%3A119
- http://www.osvdb.org/26994
- http://www.securityfocus.com/bid/18849
- http://www.ubuntu.com/usn/usn-310-1