Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Linux :: Ubuntu :: b06-3463.htm

PPP vulnerability
ppp vulnerability
ppp vulnerability

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Ubuntu Security Notice USN-310-1              July 05, 2006
ppp vulnerability
A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  ppp                            2.4.3-20050321+2ubuntu1.1
  ppp-dev                        2.4.3-20050321+2ubuntu1.1
  ppp-udeb                       2.4.3-20050321+2ubuntu1.1

Ubuntu 6.06 LTS:
  ppp                            2.4.4b1-1ubuntu3.1
  ppp-dev                        2.4.4b1-1ubuntu3.1
  ppp-udeb                       2.4.4b1-1ubuntu3.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Marcus Meissner discovered that the winbind plugin of pppd does not
check the result of the setuid() call. On systems that configure PAM
limits for the maximum number of user processes and enable the winbind
plugin, a local attacker could exploit this to execute the winbind
NTLM authentication helper as root. Depending on the local winbind
configuration, this could potentially lead to privilege escalation.

Updated packages for Ubuntu 5.10:

  Source archives: 
      Size/MD5:    84735 b936bb967b2bf26bb8e894b52b56f567 
      Size/MD5:      639 6fa315e3b2b44a005b1884f8e1d84838 
      Size/MD5:   697459 0537b03fb51cbb847290abdbb765cb93

  Architecture independent packages: 
      Size/MD5:    33168 6a580e1ea142bee104cddd5593ee5bc5

  amd64 architecture (Athlon64, Opteron, EM64T Xeon) 
      Size/MD5:   112486 498b0a9fea2370c8f0419ef14016d499 
      Size/MD5:   349850 35c4edac3178de4ed6ee4a623b97e8bc

  i386 architecture (x86 compatible Intel/AMD) 
      Size/MD5:    97874 5d1663cab583200aa383f63756166351 
      Size/MD5:   321080 134ca18479227697f4dc4d4276126141

  powerpc architecture (Apple Macintosh G3/G4/G5) 
      Size/MD5:   108914 6bcb2e66fb0473fe915239f472b3fa9c 
      Size/MD5:   353924 5d79faafa8d39f06bbe73783cfb23db1

  sparc architecture (Sun SPARC/UltraSPARC) 
      Size/MD5:   104752 fc65ef96139e0bd2979f66242f6dfe77 
      Size/MD5:   330712 040cf743a30e66034a10b8b66f6a30d1

Updated packages for Ubuntu 6.06 LTS:

  Source archives: 
      Size/MD5:    95380 960ab46e30e78b50eb793e6f00be5823 
      Size/MD5:      629 8a2a372fa53360752970fbd3340cc419 
      Size/MD5:   688912 7b08b62bcf99f1c7818fc5a622293f4c

  Architecture independent packages: 
      Size/MD5:    46294 3f2cc28495b02b0976d347bdff4e5a45

  amd64 architecture (Athlon64, Opteron, EM64T Xeon) 
      Size/MD5:   112360 7e5d4ead7131dc1b1dfb317e69356c2e 
      Size/MD5:   351104 bd3155b620f2b9c4788633c84cfcb0d1

  i386 architecture (x86 compatible Intel/AMD) 
      Size/MD5:    97278 a1635198ecb4b5ece2a3bdd147aa15bf 
      Size/MD5:   321536 a7c6a20067db8e81d8f6115f7d8d6fda

  powerpc architecture (Apple Macintosh G3/G4/G5) 
      Size/MD5:   108676 4d0ea9a15f26f072579649a63b9a7d9b 
      Size/MD5:   355236 be6f4d51fb7e7ababa47bdfded4c3017

  sparc architecture (Sun SPARC/UltraSPARC) 
      Size/MD5:   105096 5b63ea053b50bdfd166366e35a5dde1c 
      Size/MD5:   330520 5aff30484a738f2697086c184da2eb31

Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

Version: GnuPG v1.4.1 (GNU/Linux)



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH