Gentoo: GLSA-200411-02 Security Advisory on OpenSSL Vulnerability
gentoo
November 2, 2004
pppd contains a bug that allows an attacker to crash his own connection, but it cannot be used to deny service to other users.
Summary
Gentoo Linux Security Advisory GLSA 200411-01
https://security.gentoo.org/
Severity: Low
Title: ppp: No denial of service vulnerability
Date: November 01, 2004
Bugs: #69152
ID: 200411-01
Synopsis
=======
pppd contains a bug that allows an attacker to crash his own
connection, but it cannot be used to deny service to other users.
Background
=========
ppp is a Unix implementation of the Point-to-Point Protocol.
==========
The pppd server improperly verifies header fields, potentially leading
to a crash of the pppd process handling the connection. However, since
a separate pppd process handles each ppp connection, this would not
affect any other connection, or prevent new connections from being
established.
Impact
=====
We incorrectly thought that this bug could be exploited to deny service
to all ppp users. It is not the case, this bug has no security impact
whatsoever. Many thanks to Paul...
Resolution
References
Availability
style>.gentoo_availability{display:block;}
Concerns
PREVIOUS
NEXT
Severity
low
Lowest
Low
Medium
High
Critical
Background
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Affected Packages
Impact
Workaround
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!