[USN-310-1] ppp vulnerability

Martin Pitt martin.pitt at canonical.com
Wed Jul 5 22:29:42 UTC 2006


=========================================================== 
Ubuntu Security Notice USN-310-1              July 05, 2006
ppp vulnerability
CVE-2006-2194
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  ppp                            2.4.3-20050321+2ubuntu1.1
  ppp-dev                        2.4.3-20050321+2ubuntu1.1
  ppp-udeb                       2.4.3-20050321+2ubuntu1.1

Ubuntu 6.06 LTS:
  ppp                            2.4.4b1-1ubuntu3.1
  ppp-dev                        2.4.4b1-1ubuntu3.1
  ppp-udeb                       2.4.4b1-1ubuntu3.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Marcus Meissner discovered that the winbind plugin of pppd does not
check the result of the setuid() call. On systems that configure PAM
limits for the maximum number of user processes and enable the winbind
plugin, a local attacker could exploit this to execute the winbind
NTLM authentication helper as root. Depending on the local winbind
configuration, this could potentially lead to privilege escalation.


Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/ppp/ppp_2.4.3-20050321+2ubuntu1.1.diff.gz
      Size/MD5:    84735 b936bb967b2bf26bb8e894b52b56f567
    http://security.ubuntu.com/ubuntu/pool/main/p/ppp/ppp_2.4.3-20050321+2ubuntu1.1.dsc
      Size/MD5:      639 6fa315e3b2b44a005b1884f8e1d84838
    http://security.ubuntu.com/ubuntu/pool/main/p/ppp/ppp_2.4.3.orig.tar.gz
      Size/MD5:   697459 0537b03fb51cbb847290abdbb765cb93

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/p/ppp/ppp-dev_2.4.3-20050321+2ubuntu1.1_all.deb
      Size/MD5:    33168 6a580e1ea142bee104cddd5593ee5bc5

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/p/ppp/ppp-udeb_2.4.3-20050321+2ubuntu1.1_amd64.udeb
      Size/MD5:   112486 498b0a9fea2370c8f0419ef14016d499
    http://security.ubuntu.com/ubuntu/pool/main/p/ppp/ppp_2.4.3-20050321+2ubuntu1.1_amd64.deb
      Size/MD5:   349850 35c4edac3178de4ed6ee4a623b97e8bc

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/p/ppp/ppp-udeb_2.4.3-20050321+2ubuntu1.1_i386.udeb
      Size/MD5:    97874 5d1663cab583200aa383f63756166351
    http://security.ubuntu.com/ubuntu/pool/main/p/ppp/ppp_2.4.3-20050321+2ubuntu1.1_i386.deb
      Size/MD5:   321080 134ca18479227697f4dc4d4276126141

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/p/ppp/ppp-udeb_2.4.3-20050321+2ubuntu1.1_powerpc.udeb
      Size/MD5:   108914 6bcb2e66fb0473fe915239f472b3fa9c
    http://security.ubuntu.com/ubuntu/pool/main/p/ppp/ppp_2.4.3-20050321+2ubuntu1.1_powerpc.deb
      Size/MD5:   353924 5d79faafa8d39f06bbe73783cfb23db1

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/p/ppp/ppp-udeb_2.4.3-20050321+2ubuntu1.1_sparc.udeb
      Size/MD5:   104752 fc65ef96139e0bd2979f66242f6dfe77
    http://security.ubuntu.com/ubuntu/pool/main/p/ppp/ppp_2.4.3-20050321+2ubuntu1.1_sparc.deb
      Size/MD5:   330712 040cf743a30e66034a10b8b66f6a30d1

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/ppp/ppp_2.4.4b1-1ubuntu3.1.diff.gz
      Size/MD5:    95380 960ab46e30e78b50eb793e6f00be5823
    http://security.ubuntu.com/ubuntu/pool/main/p/ppp/ppp_2.4.4b1-1ubuntu3.1.dsc
      Size/MD5:      629 8a2a372fa53360752970fbd3340cc419
    http://security.ubuntu.com/ubuntu/pool/main/p/ppp/ppp_2.4.4b1.orig.tar.gz
      Size/MD5:   688912 7b08b62bcf99f1c7818fc5a622293f4c

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/p/ppp/ppp-dev_2.4.4b1-1ubuntu3.1_all.deb
      Size/MD5:    46294 3f2cc28495b02b0976d347bdff4e5a45

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/p/ppp/ppp-udeb_2.4.4b1-1ubuntu3.1_amd64.udeb
      Size/MD5:   112360 7e5d4ead7131dc1b1dfb317e69356c2e
    http://security.ubuntu.com/ubuntu/pool/main/p/ppp/ppp_2.4.4b1-1ubuntu3.1_amd64.deb
      Size/MD5:   351104 bd3155b620f2b9c4788633c84cfcb0d1

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/p/ppp/ppp-udeb_2.4.4b1-1ubuntu3.1_i386.udeb
      Size/MD5:    97278 a1635198ecb4b5ece2a3bdd147aa15bf
    http://security.ubuntu.com/ubuntu/pool/main/p/ppp/ppp_2.4.4b1-1ubuntu3.1_i386.deb
      Size/MD5:   321536 a7c6a20067db8e81d8f6115f7d8d6fda

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/p/ppp/ppp-udeb_2.4.4b1-1ubuntu3.1_powerpc.udeb
      Size/MD5:   108676 4d0ea9a15f26f072579649a63b9a7d9b
    http://security.ubuntu.com/ubuntu/pool/main/p/ppp/ppp_2.4.4b1-1ubuntu3.1_powerpc.deb
      Size/MD5:   355236 be6f4d51fb7e7ababa47bdfded4c3017

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/p/ppp/ppp-udeb_2.4.4b1-1ubuntu3.1_sparc.udeb
      Size/MD5:   105096 5b63ea053b50bdfd166366e35a5dde1c
    http://security.ubuntu.com/ubuntu/pool/main/p/ppp/ppp_2.4.4b1-1ubuntu3.1_sparc.deb
      Size/MD5:   330520 5aff30484a738f2697086c184da2eb31

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20060706/df72456d/attachment.sig>


More information about the ubuntu-security-announce mailing list