7.2

CVE-2006-2194

EPSS 0.06%
Veröffentlicht 05.07.2006 18:05:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle security@debian.org
Teams Watchlist Login
Unerledigt Login

The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM authentication helper from dropping privileges.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Point-to-point Protocol Project ≫ Point-to-point Protocol Version <= 2.4.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.14

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

http://secunia.com/advisories/20963

http://secunia.com/advisories/20967

Patch

Vendor Advisory

http://secunia.com/advisories/20987

Patch

Vendor Advisory

http://secunia.com/advisories/20996

Patch

Vendor Advisory

http://www.debian.org/security/2006/dsa-1106

Patch

Vendor Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2006:119

http://www.osvdb.org/26994

http://www.securityfocus.com/bid/18849

Patch

http://www.ubuntu.com/usn/usn-310-1

https://nvd.nist.gov/vuln/detail/CVE-2006-2194

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-2194

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-2194

EUVD