CVE-2024-58250
Publication date 22 April 2025
Last updated 11 July 2025
Ubuntu priority
The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges.
Mitigation
This issue can be mitigated by not using the promptprog configuration option.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| ppp | 25.04 plucky |
Not affected
|
| 24.04 LTS noble | Ignored see notes | |
| 22.04 LTS jammy | Ignored see notes | |
| 20.04 LTS focal | Ignored see notes | |
| 18.04 LTS bionic | Ignored see notes | |
| 16.04 LTS xenial | Ignored see notes | |
| 14.04 LTS trusty | Ignored see notes |
Notes
rodrigo-zaiden
the fix is to remove the passpromt feature, which could break any existing usage that depends on this specific feature.
mdeslaur
This feature is not enabled by default. We will not fix this issue in stable releases, we recommend not using the feature if this is an issue in your environment.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
9.3 · Critical
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Changed |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |