Debian Security Advisory DSA 557-1 (rp-pppoe, Pppoe) Network Vulnerability

Summary

The remote host is missing an update to rp-pppoe, pppoe announced via advisory DSA 557-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20557-1

Insight

Max Vozeler discovered a vulnerability in pppoe, the PPP over Ethernet driver from Roaring Penguin. When the program is running setuid root (which is not the case in a default Debian installation), an attacker could overwrite any file on the file system. For the stable distribution (woody) this problem has been fixed in version 3.3-1.2. For the unstable distribution (sid) this problem has been fixed in version 3.5-4. We recommend that you upgrade your pppoe package.

Severity

Classification

CVE CVE-2004-0564
CVSS Base Score: 2.1
AV:L/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Debian Security Advisory DSA 285-1 (lprng)
Debian Security Advisory DSA 2352-1 (puppet)
Debian Security Advisory DSA 2627-1 (nginx - information leak)
Debian Security Advisory DSA 2606-1 (proftpd-dfsg - symlink race)
Debian Security Advisory DSA 2878-1 (virtualbox - security update)

Debian Security Advisory DSA 557-1 (rp-pppoe, pppoe)

Take action and discover your vulnerabilities