Mandrake Linux Security Advisory : rp-pppoe (MDKSA-2004:145)
Low Nessus Plugin ID 15918
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionMax Vozeler discovered that when pppoe, part of the rp-pppoe package, is running setuid root, an attacker can overwrite any file on the system. Mandrakelinux does not install pppoe setuid, nor is it meant to be run setuid. Regardless, the packages have been patched to prevent this problem.
SolutionUpdate the affected rp-pppoe and / or rp-pppoe-gui packages.