Executive Summary
| Summary | |
|---|---|
| Title | New pptpd packages fix remote root exploit |
| Informations | |||
|---|---|---|---|
| Name | DSA-295 | First vendor Publication | 2003-04-30 |
| Vendor | Debian | Last vendor Modification | 2003-04-30 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Timo Sirainen discovered a vulnerability in pptpd, a Point to Point Tunneling Server, which implements PPTP-over-IPSEC and is commonly used to create Virtual Private Networks (VPN). By specifying a small packet length an attacker is able to overflow a buffer and execute code under the user id that runs pptpd, probably root. An exploit for this problem is already circulating. For the stable distribution (woody) this problem has been fixed in version 1.1.2-1.4. For the old stable distribution (potato) this problem has been fixed in version 1.0.0-4.2. For the unstable distribution (sid) this problem has been fixed in version 1.1.4-0.b3.2. We recommend that you upgrade your pptpd package immediately. |
Original Source
| Url : http://www.debian.org/security/2003/dsa-295 |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-01-17 | Name : Debian Security Advisory DSA 295-1 (pptpd) File : nvt/deb_295_1.nasl |
| 2005-11-03 | Name : PPTP overflow File : nvt/poptop_negative_read.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 3293 | PoPToP PPTP ctrlpacket.c Negative Read Remote Overflow The PoPToP PPTP Server contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when the server receives a malicious packet with the length field to set either zero or one. This causes a read operation to use a negative value, allowing sensitive memory regions to be overwritten with user-supplied data. It is possible that the flaw may allow arbitrary code execution on the Linux platform, resulting in a loss of integrity or availability. |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | PPTP echo request buffer overflow attempt RuleID : 3664 - Revision : 16 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-295.nasl - Type : ACT_GATHER_INFO |
| 2003-04-16 | Name : Arbitrary code may be run on the remote server. File : poptop_negative_read.nasl - Type : ACT_DESTRUCTIVE_ATTACK |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:32:36 |
|
| 2014-01-19 21:29:39 |
|
