Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200407-17] l2tpd: Buffer overflow Vulnerability Scan
Vulnerability Scan Summary
l2tpd: Buffer overflow
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200407-17
(l2tpd: Buffer overflow)
Thomas Walpuski discovered a buffer overflow that may be exploitable by
sending a specially crafted packet. In order to exploit the vulnerable
code, a possible hacker would need to fake the establishment of an L2TP tunnel.
A remote attacker may be able to execute arbitrary code with the rights
of the user running l2tpd.
There is no known workaround for this vulnerability.
All users are recommended to upgrade to the latest stable version:
# emerge sync
# emerge -pv ">=net-l2tpd-0.69-r2"
# emerge ">=net-l2tpd-0.69-r2"
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.