Debian: rp-pppoe, pppoe missing privilege dropping

    Date: 04 Oct 2004
    Category: Debian
    Posted By: LinuxSecurity Advisories
    Max Vozeler discovered a vulnerability in pppoe, the PPP over Ethernet driver from Roaring Penguin. When the program is running setuid root (which is not the case in a default Debian installation), an attacker could overwrite any file on the file system.
    
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 557-1
    http://www.debian.org/security/                             Martin Schulze
    October 4th, 2004                        http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : rp-pppoe, pppoe
    Vulnerability  : missing privilege dropping
    Problem-Type   : local
    Debian-specific: no
    CVE ID         : CAN-2004-0564
    
    Max Vozeler discovered a vulnerability in pppoe, the PPP over Ethernet
    driver from Roaring Penguin.  When the program is running setuid root
    (which is not the case in a default Debian installation), an attacker
    could overwrite any file on the file system.
    
    For the stable distribution (woody) this problem has been fixed in
    version 3.3-1.2.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 3.5-4.
    
    We recommend that you upgrade your pppoe package.
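
The advisory's two exposure conditions (pppoe installed setuid root, and a package older than the fixed versions) can be checked on a host with the script below. It is an added example, not part of the Debian advisory; the binary paths it inspects and the treatment of later 3.3-branch revisions as carrying the woody fix are assumptions.

```sh
#!/bin/sh
# Added example (not part of DSA 557-1): local exposure check for CAN-2004-0564.
# Fixed versions are taken from the advisory text.
WOODY_FIXED="3.3-1.2"   # stable (woody)
SID_FIXED="3.5-4"       # unstable (sid)

# Succeeds if $1 is a regular file owned by root with the setuid bit set.
is_setuid_root() {
    [ -n "$(find "$1" -prune -type f -user root -perm -4000 2>/dev/null)" ]
}

# Prints "fixed" or "vulnerable" for a pppoe package version string.
version_status() {
    if dpkg --compare-versions "$1" ge "$SID_FIXED"; then
        echo fixed
    elif dpkg --compare-versions "$1" ge "$WOODY_FIXED" &&
         dpkg --compare-versions "$1" lt "3.4"; then
        # Assumption: 3.3-branch revisions at or above 3.3-1.2 keep the fix.
        echo fixed
    else
        echo vulnerable
    fi
}

# Reports the installed pppoe version and any setuid-root pppoe binary.
audit_pppoe() {
    ver=$(dpkg-query -W -f='${Version}' pppoe 2>/dev/null)
    if [ -z "$ver" ]; then
        echo "pppoe package not installed"
        return 0
    fi
    echo "pppoe $ver: $(version_status "$ver")"
    # Assumed install locations; adjust for local builds.
    for bin in /usr/sbin/pppoe /usr/local/sbin/pppoe; do
        if is_setuid_root "$bin"; then
            echo "$bin is setuid root: exposed unless the version is fixed"
        fi
    done
}

audit_pppoe
```

A host is affected only when both conditions hold; removing the setuid bit from the binary closes the exposure until the upgrade is applied.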
    
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
      Source archives:
    
         http://security.debian.org/pool/updates/main/r/rp-pppoe/rp-pppoe_3.3-1.2.dsc
          Size/MD5 checksum:      571 20a98e281e9effbdbe253d5f1ec7c07b
         http://security.debian.org/pool/updates/main/r/rp-pppoe/rp-pppoe_3.3-1.2.diff.gz
          Size/MD5 checksum:    17171 840c64159a02c63bcd84ad84acbcfbbe
         http://security.debian.org/pool/updates/main/r/rp-pppoe/rp-pppoe_3.3.orig.tar.gz
          Size/MD5 checksum:   171480 1cd6bc22f7601f769bb654db4a15b15d
    
      Alpha architecture:
    
         http://security.debian.org/pool/updates/main/r/rp-pppoe/pppoe_3.3-1.2_alpha.deb
          Size/MD5 checksum:    83104 ea1e596bbd07d28d272c723ef627b935
    
      ARM architecture:
    
         http://security.debian.org/pool/updates/main/r/rp-pppoe/pppoe_3.3-1.2_arm.deb
          Size/MD5 checksum:    60492 6f90f09bbb0115dd8b5aa08970fc7007
    
      Intel IA-32 architecture:
    
         http://security.debian.org/pool/updates/main/r/rp-pppoe/pppoe_3.3-1.2_i386.deb
          Size/MD5 checksum:    54276 765e571caff2562b74bdae9636712d58
    
      Intel IA-64 architecture:
    
         http://security.debian.org/pool/updates/main/r/rp-pppoe/pppoe_3.3-1.2_ia64.deb
          Size/MD5 checksum:    90212 c03d1045236ee6aaf0bec77e287b0a50
    
      HP Precision architecture:
    
         http://security.debian.org/pool/updates/main/r/rp-pppoe/pppoe_3.3-1.2_hppa.deb
          Size/MD5 checksum:    64064 8669b8c254a243fbb4620e9cf5ac5905
    
      Motorola 680x0 architecture:
    
         http://security.debian.org/pool/updates/main/r/rp-pppoe/pppoe_3.3-1.2_m68k.deb
          Size/MD5 checksum:    51000 23a16fdf89476bdf62107667d9f71d50
    
      Big endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/r/rp-pppoe/pppoe_3.3-1.2_mips.deb
          Size/MD5 checksum:    68078 750310a89f7f34d0e8921efb45999cda
    
      Little endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/r/rp-pppoe/pppoe_3.3-1.2_mipsel.deb
          Size/MD5 checksum:    68320 eb2c9ea82226df16363392e78ab04fb1
    
      PowerPC architecture:
    
         http://security.debian.org/pool/updates/main/r/rp-pppoe/pppoe_3.3-1.2_powerpc.deb
          Size/MD5 checksum:    56970 dd068ef0338515cc0a846ed1dfdf0dbc
    
      IBM S/390 architecture:
    
         http://security.debian.org/pool/updates/main/r/rp-pppoe/pppoe_3.3-1.2_s390.deb
          Size/MD5 checksum:    58376 8b520d4fc7ff356d40e7f7fc1b10b8e3
    
      Sun Sparc architecture:
    
         http://security.debian.org/pool/updates/main/r/rp-pppoe/pppoe_3.3-1.2_sparc.deb
          Size/MD5 checksum:    64326 c5523f8e12ec9bd01a003912df5611a7
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
    
    