Family: Debian Local Security Checks --> Category: infos
[DSA295] DSA-295-1 pptpd Vulnerability Scan
Vulnerability Scan Summary DSA-295-1 pptpd
Detailed Explanation for this Vulnerability Test
Timo Sirainen discovered a vulnerability in pptpd, a Point to Point
Tunneling Server, which implements PPTP-over-IPSEC and is commonly
used to create Virtual Private Networks (VPNs). By specifying a small
packet length, an attacker is able to overflow a buffer and execute
code under the user ID that runs pptpd, probably root. An exploit for
this problem is already circulating.
For the stable distribution (woody) this problem has been fixed in
version 1.1.2-1.4.
For the old stable distribution (potato) this problem has been
fixed in version 1.0.0-4.2.
For the unstable distribution (sid) this problem has been fixed in
version 1.1.4-0.b3.2.
We recommend that you upgrade your pptpd package immediately.
Solution: http://www.debian.org/security/2003/dsa-295
Threat Level: High