Package name
rp-pppoe
Date
2004-12-06
Advisory ID
MDKSA-2004:145
Affected versions
9.2 amd64 , CS2.1 x86_64 , 10.0 amd64 , 10.1 i586 , 10.0 i586 , 9.2 i586 , MNF8.2 i586 , CS2.1 i586 , 10.1 x86_64

Problem description

Max Vozeler discovered that when pppoe, part of the rp-pppoe package, is running setuid root, an attacker can overwrite any file on the system. Mandrakelinux does not install pppoe setuid, nor is it meant to be run setuid. Regardless, the packages have been patched to prevent this problem.

Updated packages

9.2 amd64

 946b85cba1ea6780274d0d9ee9ecf91c  amd64/9.2/RPMS/rp-pppoe-3.5-3.1.92mdk.amd64.rpm
b6b4ced3a16da1799dfd0e0805bcadb6  amd64/9.2/RPMS/rp-pppoe-gui-3.5-3.1.92mdk.amd64.rpm
2f03184db0df85eb6ba618a1360f781a  amd64/9.2/SRPMS/rp-pppoe-3.5-3.1.92mdk.src.rpm

CS2.1 x86_64

 016c9eda79d4d3805ae796846085d4c6  x86_64/corporate/2.1/RPMS/rp-pppoe-3.5-1.1.C21mdk.x86_64.rpm
8642a8fcf2631e7bbba67eecd21bc1bc  x86_64/corporate/2.1/RPMS/rp-pppoe-gui-3.5-1.1.C21mdk.x86_64.rpm
42cc82a8e8b6af877aa807c0476496bd  x86_64/corporate/2.1/SRPMS/rp-pppoe-3.5-1.1.C21mdk.src.rpm

10.0 amd64

 150a55e440c43c8a684d39a459a5fa0a  amd64/10.0/RPMS/rp-pppoe-3.5-3.1.100mdk.amd64.rpm
eb5fdb187452a121dc88fc627715113a  amd64/10.0/RPMS/rp-pppoe-gui-3.5-3.1.100mdk.amd64.rpm
1c7993034cb99ef05f3242c887a8b155  amd64/10.0/SRPMS/rp-pppoe-3.5-3.1.100mdk.src.rpm

10.1 i586

 100d90b8ea25ff714a4fd3800f3b7bbf  10.1/RPMS/rp-pppoe-3.5-4.1.101mdk.i586.rpm
c249795e0c437f3578b9f3ab83d33d78  10.1/RPMS/rp-pppoe-gui-3.5-4.1.101mdk.i586.rpm
ae1e810107aa2c8c5dfca216634765fd  10.1/SRPMS/rp-pppoe-3.5-4.1.101mdk.src.rpm

10.0 i586

 0e485ee8443f57b18ab629f53ff75518  10.0/RPMS/rp-pppoe-3.5-3.1.100mdk.i586.rpm
0bec0bb1083b159594bbd1f525d7d677  10.0/RPMS/rp-pppoe-gui-3.5-3.1.100mdk.i586.rpm
1c7993034cb99ef05f3242c887a8b155  10.0/SRPMS/rp-pppoe-3.5-3.1.100mdk.src.rpm

9.2 i586

 d745440cd787c14637521c8cf5188471  9.2/RPMS/rp-pppoe-3.5-3.1.92mdk.i586.rpm
52f63dcedbcab1c4b80834f83512ce70  9.2/RPMS/rp-pppoe-gui-3.5-3.1.92mdk.i586.rpm
2f03184db0df85eb6ba618a1360f781a  9.2/SRPMS/rp-pppoe-3.5-3.1.92mdk.src.rpm

MNF8.2 i586

 daf4bf7d46a2fda22ed3299709923055  mnf8.2/RPMS/rp-pppoe-3.3-2.1.M82mdk.i586.rpm
e49e7dbbdd6f9b1a0db804fa61a21cd8  mnf8.2/RPMS/rp-pppoe-gui-3.3-2.1.M82mdk.i586.rpm
80ff456dbdacdde58d3e29c2634de34c  mnf8.2/SRPMS/rp-pppoe-3.3-2.1.M82mdk.src.rpm

CS2.1 i586

 f56f79c9a883a101ccc6496670af1e91  corporate/2.1/RPMS/rp-pppoe-3.5-1.1.C21mdk.i586.rpm
a5eaaad05db008190963f803f390b05f  corporate/2.1/RPMS/rp-pppoe-gui-3.5-1.1.C21mdk.i586.rpm
42cc82a8e8b6af877aa807c0476496bd  corporate/2.1/SRPMS/rp-pppoe-3.5-1.1.C21mdk.src.rpm

10.1 x86_64

 2cb2f26a1dbd9f43c558c0d4d66ae4f4  x86_64/10.1/RPMS/rp-pppoe-3.5-4.1.101mdk.x86_64.rpm
3d5f0f3faff6ba1f54052115ab874e2c  x86_64/10.1/RPMS/rp-pppoe-gui-3.5-4.1.101mdk.x86_64.rpm
ae1e810107aa2c8c5dfca216634765fd  x86_64/10.1/SRPMS/rp-pppoe-3.5-4.1.101mdk.src.rpm

References