package: pppoe
severity: grave
tags: security
Max Vozeler discovered a vulnerability in pppoe, the PPP over Ethernet
driver from Roaring Penguin. When the program is running setuid root, an
attacker could overwrite any file on the file system.
CVE-2004-0564: Roaring Penguin pppoe (rp-ppoe), if installed or
configured to run setuid root contrary to its design, allows local users
to overwrite arbitrary files.
NOTE: the developer has publicly disputed the claim that this is a
vulnerability because pppoe "is NOT designed to run setuid-root."
Therefore this identifier applies *only* to those configurations and
installations under which pppoe is run setuid root despite the
developer's warnings.
This was fixed in Redhat a month ago despite their default configuration
not using suid. See [FLSA-2005:152794]
In Debian Sarge, both /usr/sbin/pppd and /usr/sbin/pppoe files are
"-rwsr-xr-- root dip".
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
