1 Mar 2005 04:11
(fwd) [SECURITY] iDEFENSE Security Advisory 02.28.05: KPPP Privileged File Descriptor Leak Vulnerability
[Please upgrade kppp if required. Updated packages for your distribution, if required, should be out shortly -- Raju] This is an RFC 1153 digest. (1 message) ---------------------------------------------------------------------- Message-ID: <FB24803D1DF2A34FA59FC157B77C970503E24A77@...> From: "iDEFENSE Labs" <labs-no-reply@...> To: <bugtraq@...>, <vulnwatch@...> Subject: iDEFENSE Security Advisory 02.28.05: KPPP Privileged File Descriptor Leak Vulnerability Date: Mon, 28 Feb 2005 11:11:21 -0500 KPPP Privileged File Descriptor Leak Vulnerability iDEFENSE Security Advisory 02.28.05 www.idefense.com/application/poi/display?id=208&type=vulnerabilities February 28, 2005 I. BACKGROUND KPPP is a dialer and front end for pppd. It allows for interactive script generation and network setup. More information is available at: http://docs.kde.org/en/3.3/kdenetwork/kppp/ II. DESCRIPTION Local exploitation of a privileged file descriptor leak in KPPP can allow attackers to hijack a system's domain name resolution function.(Continue reading)
RSS Feed