Summary
The remote host is missing an update to ppp
announced via advisory DSA 1106-1.
Marcus Meissner discovered that the winbind plugin in pppd does not check whether a setuid() call has been successful when trying to drop privileges, which may fail with some PAM configurations.
The old stable distribution (woody) is not affected by this problem.
Solution
For the stable distribution (sarge) this problem has been fixed in version 2.4.3-20050321+2sarge1.
For the unstable distribution (sid) this problem has been fixed in version 2.4.4rel-1.
We recommend that you upgrade your ppp package.
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201106-1
Severity
Classification
-
CVE CVE-2006-2194 -
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities