Info

Disclosure

Jul 05, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

ppp Winbind Plugin contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the Winbind Plugin fails check the result of 'setuid' call . This flaw may lead to a loss of confidentiality and integrity.

Classification

Location: Local Access Required
Attack Type: Other
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 2.4.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Samba Project	PPP	2.4.3
		2.4.4b1

References

CVE ID: 2006-2194 (see also: NVD)
Secunia Advisory ID: 20963 20967 20987 20996 21480
SCIP VulDB ID: 2358
Other Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:119
http://www.us.debian.org/security/2006/dsa-1106
Vendor Specific Advisory URL: http://www.ubuntu.com/usn/usn-310-1
http://www.us.debian.org/security/2006/dsa-1150

Credit

Marcus Meissner - meissnersuse.de -

Direct URL: http://osvdb.org/26994

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Samba Project

PPP

References

Credit