Samba Ppp vulnerabilities

9 known vulnerabilities affecting samba/ppp.

Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 3, MEDIUM 3

Vulnerabilities

CVE-2024-58250 | CRITICAL | CVSS 9.3 | fixed in 2.5.2 | 2025-04-22
CVE-2024-58250 [CRITICAL] CWE-426: The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges.
nvd, osv
CVE-2022-4603 | MEDIUM | CVSS 6.5 | fixed in 2.5.0 | 2022-12-18
CVE-2022-4603 [MEDIUM] CWE-119: A vulnerability classified as problematic has been found in ppp. Affected is the function dumpppp of the file pppdump/pppdump.c of the component pppdump. The manipulation of the argument spkt.buf/rpkt.buf leads to improper validation of array index. The real existence of this vulnerability is still doubted at the moment. The name of the patch is a75fb
nvd, osv
CVE-2020-15704 | MEDIUM | CVSS 5.5 | ≥ 0, < 2.4.5-5.1ubuntu2.3+esm2; ≥ 0, < 2.4.7-1+2ubuntu1.16.04.3; +2 more | 2020-08-04
CVE-2020-15704 [MEDIUM]: The modprobe child process in the ./debian/patches/load_ppp_generic_if_needed patch file incorrectly handled module loading. A local non-root attacker could exploit the MODPROBE_OPTIONS environment variable to read arbitrary root files. Fixed in 2.4.5-5ubuntu1.4, 2.4.5-5.1ubuntu2.3+esm2, 2.4.7-1+2ubuntu1.16.04.3, 2.4.7-2+2ubuntu1.3, 2.4.7-2+4.1ubuntu5.1, 2.4.7-2+4.1ubuntu6. Was ZDI-CAN-11504.
osv
CVE-2020-8597 | CRITICAL | CVSS 9.8 | ≥ 0, < 2.4.8-1+1 | 2020-02-03
CVE-2020-8597 [CRITICAL]: eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.
osv
CVE-2018-11574 | CRITICAL | CVSS 9.8 | ≥ 0, < 2.4.7-2+3 | 2018-06-14
CVE-2018-11574 [CRITICAL]: Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass. This implementation is distributed as a patch for PPPD 0.91, and includes the affected eap.c and eap-tls.c files. Configurations tha
osv
CVE-2015-3310 | MEDIUM | CVSS 4.3 | ≥ 0, < 2.4.6-3.1 | 2015-04-24
CVE-2015-3310 [MEDIUM]: Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a denial of service (crash) via a start accounting message to the RADIUS server.
osv
CVE-2014-3158 | HIGH | CVSS 7.5 | ≥ 0, < 2.4.6-3 | 2014-11-15
CVE-2014-3158 [HIGH]: Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to "access privileged options" via a long word in an options file, which triggers a heap-based buffer overflow that "[corrupts] security-relevant variables."
osv
CVE-2006-2194 | HIGH | CVSS 7.2 | ≥ 0, < 2.4.4rel-1 | 2006-07-05
CVE-2006-2194 [HIGH]: The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM authentication helper from dropping privileges.
osv
CVE-2004-1002 | HIGH | CVSS 7.5 | v2.4.1 | 2005-03-01
CVE-2004-1002 [HIGH] CWE-191: Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote attackers to cause a denial of service (daemon crash) via a CBCP packet with an invalid length value that causes pppd to access an incorrect memory location.
nvd, osv