7.2

CVE-2006-2194

EPSS 0.06%
Published 05.07.2006 18:05:00
Last modified 03.04.2025 01:03:51
Source security@debian.org
Teams watchlist Login
Open Login

The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM authentication helper from dropping privileges.

Affected products Warnungen 0 Metrics 2 CWE 0 References 12

Data is provided by the National Vulnerability Database (NVD)

Point-to-point Protocol Project ≫ Point-to-point Protocol Version <= 2.4.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.14

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

http://secunia.com/advisories/20963

http://secunia.com/advisories/20967

Patch

Vendor Advisory

http://secunia.com/advisories/20987

Patch

Vendor Advisory

http://secunia.com/advisories/20996

Patch

Vendor Advisory

http://www.debian.org/security/2006/dsa-1106

Patch

Vendor Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2006:119

http://www.osvdb.org/26994

http://www.securityfocus.com/bid/18849

Patch

http://www.ubuntu.com/usn/usn-310-1

https://nvd.nist.gov/vuln/detail/CVE-2006-2194

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-2194

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-2194

EUVD