FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ppxp -- local root exploit

Affected packages
0 < ppxp
0 < ja-ppxp

Details

VuXML ID 641e8609-cab5-11d9-9aed-000e0c2e438a
Discovery 2005-05-19
Entry 2005-05-22

A Debian Advisory reports:

Jens Steube discovered that ppxp, yet another PPP program, does not release root privileges when opening potentially user supplied log files. This can be tricked into opening a root shell.

References

CVE Name CVE-2005-0392
URL http://www.debian.org/security/2005/dsa-725