Speedtouch USB Driver Privilege Escalation Vulnerability
SECUNIA ADVISORY ID:
Speedtouch USB driver 1.x
A vulnerability has been reported in Speedtouch USB Driver, which
potentially can be exploited by malicious, local users to gain
The vulnerability is caused due to an unspecified format string
errors in "modem_run", "pppoa2", and "pppoa3".
Successful exploitation may potentially allow execution of arbitrary
code with escalated privileges.
Update to version 1.3.1.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Max Vozeler.
- - -
See also: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0834
please bump speedtouch to 1.3.1, thanks.
We should have had this GLSA out yesterday at the latest.
net-dialup, please bump package.
commited 1.3.1 as x86
amd64, hppa, alpha : please test and mark net-dialup/speedtouch-1.3.1 stable
stable now on amd64
i couldn't really test it as i don't have a adsl-modem, but it seems to work. sorry for the big delay