Max Vozeler discovered a vulnerability in pppoe, the PPP over Ethernet
driver from Roaring Penguin. When the program is running setuid root
(which is not the case in a default Debian installation), an attacker
could overwrite any file on the file system.
For the stable distribution (woody) this problem has been fixed in
version 3.3-1.2.
For the unstable distribution (sid) this problem has been fixed in
version 3.5-4.
We recommend that you upgrade your pppoe package.