CVE-2004-0564
Published 2004-12-23
Priority: P4, 11, low; CVSS 2.0 score 2.1
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
EPSS: 0.36% (28.0th percentile)
Roaring Penguin pppoe (rp-ppoe), if installed or configured to run setuid root contrary to its design, allows local users to overwrite arbitrary files. NOTE: the developer has publicly disputed the claim that this is a vulnerability because pppoe "is NOT designed to run setuid-root." Therefore this identifier applies *only* to those configurations and installations under which pppoe is run setuid root despite the developer's warnings.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | rp-pppoe | < rp-pppoe 3.5-4 (bookworm) | rp-pppoe 3.5-4 (bookworm) |
| roaring_penguin | pppoe | — | — |
| roaring_penguin | pppoe | — | — |
| roaring_penguin | pppoe | — | — |
CVSS provenance
nvd: v2.0, 2.1 LOW, AV:L/AC:L/Au:N/C:N/I:P/A:N
osv: 2.1 LOW
vendor_debian: 2.1 LOW
Debian
CVE-2004-0564: rp-pppoe - Roaring Penguin pppoe (rp-ppoe), if installed or configured to run setuid root c...
vendor_debian·2004·CVSS 2.1
Scope: local
bookworm: resolved (fixed in 3.5-4)
bullseye: resolved (fixed in 3.5-4)
forky: resolved (fixed in 3.5-4)
sid: resolved (fixed in 3.5-4)
trixie: resolved (fixed in 3.5-4)
GHSA
GHSA-56r3-rhf9-5xfv: Roaring Penguin pppoe (rp-ppoe), if installed or configured to run setuid root contrary to its design, allows local users to overwrite arbitrary files
ghsa_unreviewed·2022-04-29
OSV
CVE-2004-0564: Roaring Penguin pppoe (rp-ppoe), if installed or configured to run setuid root contrary to its design, allows local users to overwrite arbitrary files
osv·2004-12-23·CVSS 2.1
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=110247119200510&w=2
http://marc.info/?l=bugtraq&m=110253341209450&w=2
http://www.debian.org/security/2004/dsa-557
http://www.fedoralegacy.org/updates/FC1/2005-11-14-FLSA_2005_152794__Updated_rp_pppoe_package_fixes_security_issue.html
http://www.securityfocus.com/bid/11315
https://exchange.xforce.ibmcloud.com/vulnerabilities/17576