Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 601
Alerts This Week
Warning Icon 1 601

Gentoo: 202107-14 Critical: pptpd Remote Buffer Overflow Advisory

gentoo
Calendar Grey April 28, 2003
Dist Gentoo Esm H88
Important security flaw resolved in Gentoo's pptpd. Users must upgrade to the latest version to maintain safety.
A buffer overflow has been fixed in pptpd

Summary


- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200304-08
- - ---------------------------------------------------------------------

- - ---------------------------------------------------------------------
- From advisory:
"PPTP packet header contain 16bit length which specifies the full size of the packet:
bytes_this = read(clientFd, packet + bytes_ttl, 2 - bytes_ttl); // ... bytes_ttl += bytes_this; // ... length = htons(*(u_int16_t *) packet); if (length > PPTP_MAX_CTRL_PCKT_SIZE) { // abort }
Looks good so far, except:
bytes_this = read(clientFd, packet + bytes_ttl, length - bytes_ttl);
If given length was 0 or 1, the "length - bytes_ttl" result is -1 or -2, which means that it reads unlimited amount of data from client into "packet", which is a buffer located in stack.
The exploitability only depends on if libc allo...

Read the Full Advisory

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Severity
critical
Lowest
Low
Medium
High
Critical

PACKAGE : pptpd
SUMMARY : buffer overflow
DATE : 2003-04-28 09:22 UTC
EXPLOIT : remote
VERSIONS AFFECTED : =pptpd-1.1.3.20030429
CVE : CAN-2003-0213

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround