CVE-2006-2194

The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM authentication helper from dropping privileges.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.ubuntu.com/usn/usn-310-1
http://www.securityfocus.com/bid/18849	Patch
http://www.debian.org/security/2006/dsa-1106	Patch Vendor Advisory
http://www.osvdb.org/26994
http://secunia.com/advisories/20963
http://secunia.com/advisories/20967	Patch Vendor Advisory
http://secunia.com/advisories/20996	Patch Vendor Advisory
http://secunia.com/advisories/20987	Patch Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:119

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:point-to-point_protocol_project:point-to-point_protocol:*:*:*:*:*:*:*:*

Information

Published : 2006-07-05 11:05

Updated : 2020-02-24 07:55

NVD link : CVE-2006-2194

Mitre link : CVE-2006-2194

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

point-to-point_protocol_project

point-to-point_protocol

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.ubuntu.com/usn/usn-310-1", "name": "USN-310-1", "tags": [], "refsource": "UBUNTU"}, {"url": "http://www.securityfocus.com/bid/18849", "name": "18849", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://www.debian.org/security/2006/dsa-1106", "name": "DSA-1106", "tags": ["Patch", "Vendor Advisory"], "refsource": "DEBIAN"}, {"url": "http://www.osvdb.org/26994", "name": "26994", "tags": [], "refsource": "OSVDB"}, {"url": "http://secunia.com/advisories/20963", "name": "20963", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/20967", "name": "20967", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/20996", "name": "20996", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/20987", "name": "20987", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:119", "name": "MDKSA-2006:119", "tags": [], "refsource": "MANDRIVA"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM authentication helper from dropping privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-2194", "ASSIGNER": "security@debian.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-07-05T18:05Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:point-to-point_protocol_project:point-to-point_protocol:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.4.4"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2020-02-24T15:55Z"}