CVE-2005-0392

Name of the Vulnerable Software and Affected Versions ppxp-tcltk versions (affected versions not specified) ppxp versions (affected versions not specified) ppxp-dev versions (affected versions not specified) ppxp-x11 versions (affected versions not specified)

Description The issue concerns multiple vulnerabilities in the ppxp package of the Debian GNU/Linux operating system, which can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited by a local attacker. Specifically, ppxp does not drop root privileges before opening log files, allowing local users to execute arbitrary commands.

Recommendations For ppxp-tcltk, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For ppxp, consider restricting access to the log files until a patch is available. For ppxp-dev, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For ppxp-x11, at the moment, there is no information about a newer version that contains a fix for this vulnerability.