[Security-team] [Fwd: [SA20963] ppp setuid Security Issue]
Alexey Borovskoy
=?iso-8859-1?q?alexey=2Eborovskoy_=CE=C1_gmail=2Ecom?=
Сб Июл 8 10:41:07 MSD 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
TITLE:
ppp setuid Security Issue
SECUNIA ADVISORY ID:
SA20963
VERIFY ADVISORY:
http://secunia.com/advisories/20963/
CRITICAL:
Moderately critical
IMPACT:
Privilege escalation
WHERE:
Local system
SOFTWARE:
ppp 2.x
http://secunia.com/product/4174/
DESCRIPTION:
Marcus Meissner discovered a vulnerability in the winbind plugin of
ppp, which potentially can be exploited by malicious, local users to
perform certain actions with escalated privileges.
The security issue is caused due to missing checks for whether the
"setuid()" call has succeeded. This can potentially be exploited to
launch the winbind NTLM authentication helper with root privileges,
which may allow the user to perform certain actions as the root
user.
Successful exploitation allows to perform certain actions with
escalated privileges, but requires special PAM and ppp
configurations.
This vulnerability has been reported in version 2.4.3 and 2.4.4b1.
Prior versions may also be affected.
SOLUTION:
Update to version 2.4.4.
ftp://ftp.samba.org/pub/ppp/
PROVIDED AND/OR DISCOVERED BY:
Marcus Meissner
ORIGINAL ADVISORY:
http://www.ubuntu.com/usn/usn-310-1
- --
Алексей.
GPG key fingerprint
949B BC0E 2C44 7528 4F63 2753 E37A 9E3F 11F3 BDE1
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFEr1OC43qePxHzveERAoDVAJ4h7/X1TLlMrLfuGi3X7VfwQP9nyQCgkKcS
M/xPaEUgcr0WgNyaYPcPAHE=
=eSzp
-----END PGP SIGNATURE-----
Подробная информация о списке рассылки Security-team