7.2

CVE-2006-2194

EPSS 0.06%
Veröffentlicht 05.07.2006 18:05:00
Zuletzt bearbeitet 16.04.2026 00:27:16
Quelle security@debian.org
CVE-Watchlists
Login
Unerledigt
Login

The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM authentication helper from dropping privileges.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 12

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Point-to-point Protocol Project ≫ Point-to-point Protocol Version <= 2.4.4

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.14

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://secunia.com/advisories/20963

http://secunia.com/advisories/20967

Patch

Vendor Advisory

http://secunia.com/advisories/20987

Patch

Vendor Advisory

http://secunia.com/advisories/20996

Patch

Vendor Advisory

http://www.debian.org/security/2006/dsa-1106

Patch

Vendor Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2006:119

http://www.osvdb.org/26994

http://www.securityfocus.com/bid/18849

Patch

http://www.ubuntu.com/usn/usn-310-1

https://nvd.nist.gov/vuln/detail/CVE-2006-2194

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-2194

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-2194

EUVD