Unrated severityNVD Advisory· Published Jul 5, 2006· Updated Apr 16, 2026

CVE-2006-2194

Description

The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM authentication helper from dropping privileges.

Affected products

Point To Point Protocol Project/Point To Point Protocol
cpe:2.3:a:point-to-point_protocol_project:point-to-point_protocol:*:*:*:*:*:*:*:*
Range: <=2.4.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/20967nvdPatchVendor Advisory
secunia.com/advisories/20987nvdPatchVendor Advisory
secunia.com/advisories/20996nvdPatchVendor Advisory
www.debian.org/security/2006/dsa-1106nvdPatchVendor Advisory
www.securityfocus.com/bid/18849nvdPatch
secunia.com/advisories/20963nvd
www.mandriva.com/security/advisoriesnvd
www.osvdb.org/26994nvd
www.ubuntu.com/usn/usn-310-1nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000