Unrated severityNVD Advisory· Published Dec 23, 2004· Updated Apr 16, 2026
CVE-2004-0564
CVE-2004-0564
Description
Roaring Penguin pppoe (rp-ppoe), if installed or configured to run setuid root contrary to its design, allows local users to overwrite arbitrary files. NOTE: the developer has publicly disputed the claim that this is a vulnerability because pppoe "is NOT designed to run setuid-root." Therefore this identifier applies *only* to those configurations and installations under which pppoe is run setuid root despite the developer's warnings.
Affected products
15cpe:2.3:a:roaring_penguin:pppoe:3.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:roaring_penguin:pppoe:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:roaring_penguin:pppoe:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:roaring_penguin:pppoe:3.5:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*+ 11 more
- cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- www.debian.org/security/2004/dsa-557nvdPatchVendor Advisory
- www.securityfocus.com/bid/11315nvdPatchVendor Advisory
- marc.infonvd
- marc.infonvd
- www.fedoralegacy.org/updates/FC1/2005-11-14-FLSA_2005_152794__Updated_rp_pppoe_package_fixes_security_issue.htmlnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/17576nvd
News mentions
0No linked articles in our index yet.