Debian Security Advisory DSA 557-1 (rp-pppoe, Pppoe) Network Vulnerability

Summary

The remote host is missing an update to rp-pppoe, pppoe announced via advisory DSA 557-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20557-1

Insight

Max Vozeler discovered a vulnerability in pppoe, the PPP over Ethernet driver from Roaring Penguin. When the program is running setuid root (which is not the case in a default Debian installation), an attacker could overwrite any file on the file system. For the stable distribution (woody) this problem has been fixed in version 3.3-1.2. For the unstable distribution (sid) this problem has been fixed in version 3.5-4. We recommend that you upgrade your pppoe package.

Severity

Classification

CVE CVE-2004-0564

CVSS	Base Score: 2.1 AV:L/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Debian Security Advisory DSA 022-1 (exmh)
Debian Security Advisory DSA 2238-1 (vino)
Debian Security Advisory DSA 2821-1 (gnupg - side channel attack)
Debian Security Advisory DSA 2309-1 (openssl)
Debian Security Advisory DSA 1326-1 (fireflier-server)

Debian Security Advisory DSA 557-1 (rp-pppoe, pppoe)

Take action and discover your vulnerabilities