1. CVE-Search
  2. CVE-2006-2194
ID CVE-2006-2194
Summary The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM authentication helper from dropping privileges.
References
Vulnerable Configurations
  • cpe:2.3:a:point-to-point_protocol_project:point-to-point_protocol:-:*:*:*:*:*:*:*
    cpe:2.3:a:point-to-point_protocol_project:point-to-point_protocol:-:*:*:*:*:*:*:*
  • cpe:2.3:a:point-to-point_protocol_project:point-to-point_protocol:2.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:point-to-point_protocol_project:point-to-point_protocol:2.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:point-to-point_protocol_project:point-to-point_protocol:2.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:point-to-point_protocol_project:point-to-point_protocol:2.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:point-to-point_protocol_project:point-to-point_protocol:2.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:point-to-point_protocol_project:point-to-point_protocol:2.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:point-to-point_protocol_project:point-to-point_protocol:2.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:point-to-point_protocol_project:point-to-point_protocol:2.4.4:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 24-02-2020 - 15:55)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 18849
debian DSA-1106
mandriva MDKSA-2006:119
osvdb 26994
secunia
  • 20963
  • 20967
  • 20987
  • 20996
ubuntu USN-310-1
statements via4
contributor Mark J Cox
lastmodified 2006-08-16
organization Red Hat
statement Not vulnerable. The winbind plugin is not shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
Last major update 24-02-2020 - 15:55
Published 05-07-2006 - 18:05
Last modified 24-02-2020 - 15:55
Back to Top