|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200411-01] ppp: Remote denial of service vulnerability Vulnerability Scan
Vulnerability Scan Summary ppp: Remote denial of service vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200411-01
(ppp: Remote denial of service vulnerability)
The pppd server improperly verifies header fields, making it vulnerable to
denial of service attacks.
Impact
A possible hacker can cause the pppd server to access memory that it isn't
allowed to, causing the server to crash. No code execution is possible with
this vulnerability, because no data is getting copied.
Workaround
There is no known workaround at this time.
References:
http://www.securityfocus.com/archive/1/379450
Solution:
All ppp users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dialup/ppp-2.4.2-r7"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|