CVE-2006-2194

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2006-2194

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2006-2194.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2006-2194

Related

DSA-1106

Published

2006-07-05T18:05:00Z

Modified

2025-04-03T01:03:51Z

Summary

[none]

Details

The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM authentication helper from dropping privileges.

References

Affected packages

Debian:11 / ppp

Package

Name: ppp
Purl: pkg:deb/debian/ppp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.4rel-1

Ecosystem specific

{
    "urgency": "medium"
}

Debian:12 / ppp

Package

Name: ppp
Purl: pkg:deb/debian/ppp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.4rel-1

Ecosystem specific

{
    "urgency": "medium"
}

Debian:13 / ppp

Package

Name: ppp
Purl: pkg:deb/debian/ppp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.4rel-1

Ecosystem specific

{
    "urgency": "medium"
}