PT-2004-1046 · Debian+1 · Pppoe+1

Published: 2004-11-19 · Updated: 2017-07-11 · CVE-2004-0564

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

pppoe versions (affected versions not specified)

Description

The issue concerns multiple vulnerabilities in the pppoe package of the Debian GNU/Linux operating system, which a local attacker can exploit to compromise the integrity of protected information. Specifically, the Roaring Penguin pppoe (rp-pppoe) can allow local users to overwrite arbitrary files if it is installed or configured to run setuid root, contrary to its design. The developer has disputed this as a vulnerability, since pppoe is not intended to run setuid root.

Recommendations

For configurations where pppoe is run setuid root, consider removing the setuid root configuration to prevent exploitation. As a temporary workaround, consider restricting access to the pppoe package to minimize the risk of arbitrary file overwrites. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
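
One way to carry out the recommendation above, as an added example that is not part of the original advisory: a POSIX shell audit that reports any pppoe binary carrying the setuid bit and, with --fix, clears it. The directory list and the function names are assumptions, not taken from the advisory or from the rp-pppoe package.

```shell
#!/bin/sh
# Added example: audit pppoe binaries for the setuid bit.
# PPPOE_DIRS is an assumed list of install locations; adjust to the system.
PPPOE_DIRS="/usr/sbin /usr/local/sbin /sbin /usr/bin"

# Print the numeric owner uid of a file (0 means root).
owner_uid() { ls -lnd -- "$1" | awk '{print $3}'; }

# Succeed only if the path is a regular file with the setuid bit set.
is_setuid() { [ -f "$1" ] && [ -u "$1" ]; }

# audit_pppoe [--fix] [file...]
# With no files, checks "pppoe" in each directory of PPPOE_DIRS.
# Returns 1 if any checked file had the setuid bit when examined, else 0.
audit_pppoe() {
    fix=0
    found=0
    if [ "$1" = "--fix" ]; then fix=1; shift; fi
    if [ $# -eq 0 ]; then
        for d in $PPPOE_DIRS; do set -- "$@" "$d/pppoe"; done
    fi
    for f in "$@"; do
        [ -e "$f" ] || continue            # not installed at this path
        if is_setuid "$f"; then
            found=1
            echo "SETUID: $f (owner uid $(owner_uid "$f"))"
            if [ "$fix" -eq 1 ]; then
                # Drop only the setuid bit; other permission bits are kept.
                chmod u-s "$f" && echo "cleared setuid bit on $f"
            fi
        else
            echo "ok: $f is not setuid"
        fi
    done
    return "$found"
}
```

Source the file and run audit_pppoe as root to report, or audit_pppoe --fix to clear the bit; a package upgrade or a local dpkg-statoverride entry can set it again, so repeat the check after upgrades.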

Related Identifiers

BDU:2015-04119
CVE-2004-0564
DSA-557-1

Affected Products

Pppoe
Rp-Pppoe