Re: [SECURITY] [DSA 557-1] New rp-pppoe packages fix potential root compromise

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 557-1] New rp-pppoe packages fix potential root compromise
From: Nils Rennebarth <Nils.Rennebarth@web.de>
Date: Mon, 11 Oct 2004 21:13:32 +0200
Message-id: <[🔎] 416ADB5C.9020607@web.de>
In-reply-to: <m1CEPtZ-000pyHC@finlandia.Infodrom.North.DE>
References: <m1CEPtZ-000pyHC@finlandia.Infodrom.North.DE>

Martin Schulze wrote:

Max Vozeler discovered a vulnerability in pppoe, the PPP over Ethernet
driver from Roaring Penguin.  When the program is running setuid root
(which is not the case in a default Debian installation), an attacker
could overwrite any file on the file system.

For the stable distribution (woody) this problem has been fixed in
version 3.3-1.2.

For the unstable distribution (sid) this problem has been fixed in
version 3.5-4.

Is there an estimation when the 3.5-4 Version for unstable will hit thearchive?



--
                                     ______
                                    (Muuuhh)
Global Village Sau  ==>        ^..^ |/¯¯¯¯¯
(Kann Fremdsprache) ==>        (oo)

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA 557-1] New rp-pppoe packages fix potential root compromise
  - From: Greg Folkert <greg@gregfolkert.net>

Prev by Date: Re: upgrading sendmail package when postfix installed
Next by Date: Re: [SECURITY] [DSA 557-1] New rp-pppoe packages fix potential root compromise
Previous by thread: Re: upgrading sendmail package when postfix installed
Next by thread: Re: [SECURITY] [DSA 557-1] New rp-pppoe packages fix potential root compromise
Index(es):
- Date
- Thread