===========================================================
Ubuntu Security Notice USN-459-2               May 21, 2007
pptpd vulnerabilities
https://bugs.launchpad.net/ubuntu/+source/pptpd/+bug/115448
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  bcrelay                                  1.2.3-1ubuntu0.2
  pptpd                                    1.2.3-1ubuntu0.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-459-1 fixed vulnerabilities in pptpd. However, a portion of the fix
caused a regression in session establishment under Dapper for certain
PPTP clients. This update fixes the problem. We apologize for the
inconvenience.

Original advisory details:

 A flaw was discovered in the PPTP tunnel server. Remote attackers could
 send a specially crafted packet and disrupt established PPTP tunnels,
 leading to a denial of service.

Updated packages for Ubuntu 6.06 LTS: source archives, and packages for the amd64 (Athlon64, Opteron, EM64T Xeon), i386 (x86 compatible Intel/AMD), powerpc (Apple Macintosh G3/G4/G5) and sparc (Sun SPARC/UltraSPARC) architectures.

Severity: Critical. LinuxSecurity.com Team

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200705-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: PPTPD: Denial of Service attack
      Date: May 20, 2007
      Bugs: #176936
        ID: 200705-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been reported in PPTPD which could lead to a Denial
of Service.

Background
==========

PPTPD is a Point-to-Point Tunnelling Protocol Daemon for Linux.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  net-dialup/pptpd       < 1.3.4                           >= 1.3.4

Description
===========

James Cameron from HP has reported a vulnerability in PPTPD caused by
malformed GRE packets.

Impact
======

A remote attacker could exploit this vulnerability to cause a Denial of
Service on the PPTPD connection.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All PPTPD users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dialup/pptpd-1.3.4"

References
==========

  [ 1 ] CVE-2007-0244
        https://www.cve.org/CVERecord?id=CVE-2007-0244

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  https://security.gentoo.org/glsa/200705-18

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to

It was discovered that the PoPToP Point to Point Tunneling Server contains a programming error, which allows the tear-down of a PPTP connection through a malformed GRE packet, resulting in denial of service.

--------------------------------------------------------------------------
Debian Security Advisory DSA 1288-1

A buffer overflow has been fixed in pptpd. It is recommended that all Gentoo Linux users who are running net-dialup/pptpd upgrade to pptpd-1.1.3.20030409.

---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200304-08
---------------------------------------------------------------------

          PACKAGE : pptpd
          SUMMARY : buffer overflow
             DATE : 2003-04-28 09:22 UTC
          EXPLOIT : remote
VERSIONS AFFECTED : =pptpd-1.1.3.20030429
              CVE : CAN-2003-0213

---------------------------------------------------------------------

From advisory:

"PPTP packet header contain 16bit length which specifies the full size
of the packet:

  bytes_this = read(clientFd, packet + bytes_ttl, 2 - bytes_ttl);
  // ...
  bytes_ttl += bytes_this;
  // ...
  length = htons(*(u_int16_t *) packet);
  if (length > PPTP_MAX_CTRL_PCKT_SIZE) {
    // abort
  }

Looks good so far, except:

  bytes_this = read(clientFd, packet + bytes_ttl, length - bytes_ttl);

If given length was 0 or 1, the "length - bytes_ttl" result is -1 or -2,
which means that it reads unlimited amount of data from client into
"packet", which is a buffer located in stack.

The exploitability only depends on if libc allows the size parameter to
be larger than SSIZE_MAX bytes. GLIBC does, Solaris and *BSD don't."

Read the full advisory at:
http://marc.theaimsgroup.com/?l=bugtraq&m=104994375011406&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-dialup/pptpd upgrade to pptpd-1.1.3.20030409 as follows:

  emerge sync
  emerge pptpd
  emerge clean

Severity: Critical. LinuxSecurity.com Team
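
The length underflow described in the quoted advisory, as an added example (not code from pptpd or from the advisory): it computes the size that the unchecked `length - bytes_ttl` would hand to read(), next to a bounds-checked alternative. The 256-byte limit, the function names and the sample headers are assumptions made for illustration, and the subtraction is assumed to be done in int as the advisory's "-1 or -2" describes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed limit for this example; the page does not give the real
 * PPTP_MAX_CTRL_PCKT_SIZE value. */
#define EXAMPLE_MAX_CTRL_PCKT_SIZE 256u
#define LENGTH_FIELD_BYTES 2u   /* bytes already read (bytes_ttl after the header) */

/* Size argument the unchecked call would pass to read(): the int result of
 * "length - bytes_ttl" is converted to size_t, so a negative value wraps. */
size_t unchecked_read_size(uint16_t length, int bytes_ttl)
{
    return (size_t)((int)length - bytes_ttl);
}

/* Hardened form: decode the big-endian length and reject anything shorter
 * than what was already read or longer than the destination buffer.
 * Returns 0 and stores the remaining byte count, or -1 to drop the packet. */
int checked_read_size(const unsigned char hdr[2], size_t buf_size, size_t *remaining)
{
    uint16_t length = (uint16_t)((hdr[0] << 8) | hdr[1]);

    if (length < LENGTH_FIELD_BYTES)      /* 0 or 1 would underflow */
        return -1;
    if (length > EXAMPLE_MAX_CTRL_PCKT_SIZE || length > buf_size)
        return -1;
    *remaining = (size_t)length - LENGTH_FIELD_BYTES;
    return 0;
}

int main(void)
{
    /* Constructed sample headers: declared lengths 0, 1, 2, 156 and 65535. */
    const unsigned char samples[][2] = {{0, 0}, {0, 1}, {0, 2}, {0, 156}, {0xff, 0xff}};

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint16_t length = (uint16_t)((samples[i][0] << 8) | samples[i][1]);
        size_t remaining = 0;
        int ok = checked_read_size(samples[i], EXAMPLE_MAX_CTRL_PCKT_SIZE, &remaining);
        printf("length=%5u unchecked size=%zu checked=%s", (unsigned)length,
               unchecked_read_size(length, 2), ok == 0 ? "accept" : "reject");
        if (ok == 0) printf(" remaining=%zu", remaining);
        putchar('\n');
    }
    return 0;
}
```

The upper-bound test alone, as in the quoted excerpt, accepts lengths 0 and 1; the lower-bound test is what closes the wrap-around.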