|
|
| CVE-ID | ||
|---|---|---|
CVE-2004-0564 |
• Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
|
|
| Description | ||
| Roaring Penguin pppoe (rp-ppoe), if installed or configured to run setuid root contrary to its design, allows local users to overwrite arbitrary files. NOTE: the developer has publicly disputed the claim that this is a vulnerability because pppoe "is NOT designed to run setuid-root." Therefore this identifier applies *only* to those configurations and installations under which pppoe is run setuid root despite the developer's warnings. | ||
| References | ||
| Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete. | ||
|
||
| Date Entry Created | ||
| 20040614 | Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE. | |
| Phase (Legacy) | ||
| Assigned (20040614) | ||
| Votes (Legacy) | ||
| NOOP(1) Christey |
||
| Comments (Legacy) | ||
Christey> In addition to the public statement made to Bugtraq, David F. Skoll, the developer of pppoe, says: >CVE-2004-0564 is a >bogus "vulnerability". rp-pppoe is NOT meant to be installed >setuid-root. One might as well file a "vulnerability" on "cat" >because if "cat" is setuid-root, then an "attacker" can read any file >on the system. > >This vulnerability is more properly a Debian vulnerability because >Debian ... insecurely installs rp-pppoe suid-root. > >Please add my comments to the "Comments" field of the CVE; I don't think >it should be blessed with an official listing. |
||
| Proposed (Legacy) | ||
| N/A | ||
| This is an entry on the CVE list, which standardizes names for security problems. | ||
|
You can also search by reference using the CVE Reference Maps.
|
||
| For More Information: cve@mitre.org | ||
