Debian Ppp vulnerabilities

CVE-2024-58250 [CRITICAL] CVE-2024-58250: ppp - The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges. The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 2.5.2-1+1) sid: resolved (fixed in 2.5.2-1+1) trixie: resolved (fixed in 2.5.2-1+1)

CVE-2022-4603 [MEDIUM] CVE-2022-4603: ppp - A vulnerability classified as problematic has been found in ppp. Affected is the... A vulnerability classified as problematic has been found in ppp. Affected is the function dumpppp of the file pppdump/pppdump.c of the component pppdump. The manipulation of the argument spkt.buf/rpkt.buf leads to improper validation of array index. The real existence of this vulnerability is still doubted at the moment. The name of the patch is a75fb7b198eed50d769c80c3

CVE-2020-8597 [CRITICAL] CVE-2020-8597: lwip - eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the... eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. Scope: local bookworm: resolved (fixed in 2.1.2+dfsg1-5) bullseye: resolved (fixed in 2.1.2+dfsg1-5) forky: resolved (fixed in 2.1.2+dfsg1-5) sid: resolved (fixed in 2.1.2+dfsg1-5) trixie: resolved (fixed in 2.1.2+dfsg1-5)

CVE-2020-15704 [MEDIUM] CVE-2020-15704: ppp - The modprobe child process in the ./debian/patches/load_ppp_generic_if_needed pa... The modprobe child process in the ./debian/patches/load_ppp_generic_if_needed patch file incorrectly handled module loading. A local non-root attacker could exploit the MODPROBE_OPTIONS environment variable to read arbitrary root files. Fixed in 2.4.5-5ubuntu1.4, 2.4.5-5.1ubuntu2.3+esm2, 2.4.7-1+2ubuntu1.16.04.3, 2.4.7-2+2ubuntu1.3, 2.4.7-2+4.1ubuntu5.1, 2.4.7-2+4.1ub

CVE-2018-11574 [CRITICAL] CVE-2018-11574: ppp - Improper input validation together with an integer overflow in the EAP-TLS proto... Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass. This implementation is distributed as a patch for PPPD 0.91, and includes the affected eap.c and eap-tls.c files. Configurations that use the `refuse-app` option are unaffected. Scope: local b

CVE-2015-3310 [MEDIUM] CVE-2015-3310: ppp - Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP ... Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a denial of service (crash) via a start accounting message to the RADIUS server. Scope: local bookworm: resolved (fixed in 2.4.6-3.1) bullseye: resolved (fixed in 2.4.6-3.1) forky:

CVE-2014-3158 [HIGH] CVE-2014-3158: ppp - Integer overflow in the getword function in options.c in pppd in Paul's PPP Pack... Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to "access privileged options" via a long word in an options file, which triggers a heap-based buffer overflow that "[corrupts] security-relevant variables." Scope: local bookworm: resolved (fixed in 2.4.6-3) bullseye: resolved (fixed in 2.4.6-3) forky:

CVE-2008-5366 [MEDIUM] CVE-2008-5366: ppp - The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local users to ov... The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/probe-finished or (2) /tmp/ppp-errors temporary file. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2008-5367 [MEDIUM] CVE-2008-5367: ppp - ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to overwrite a... ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the /tmp/resolv.conf.tmp temporary file. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2006-2194 [HIGH] CVE-2006-2194: ppp - The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return c... The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM authentication helper from dropping privileges. Scope: local bookworm: resolved

CVE-2004-1002 [HIGH] CVE-2004-1002: ppp - Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote attackers to cau... Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote attackers to cause a denial of service (daemon crash) via a CBCP packet with an invalid length value that causes pppd to access an incorrect memory location. Scope: local bookworm: resolved (fixed in 2.4.2+20040428-3) bullseye: resolved (fixed in 2.4.2+20040428-3) forky: resolved (fixed in 2.4.2+20040428-3) s