US-CERT Vulnerability Notes Database

Vulnerability Note VU#673993

PopTop PPTP Server contains buffer overflow in "ctrlpacket.c"

Overview

There is a remotely exploitable buffer overflow in PopTop. An exploit for this vulnerability exists and is publicly available.

I. Description

From the PopTop web site:

    PopToP is the PPTP server solution for Linux (ports exist for Solaris 2.6, OpenBSD and FreeBSD and others).

A buffer overflow exists in ctrlpacket.c, the source file that handles reading, formatting, and writing of PPTP control message packets. For further technical details, please see the original report.

II. Impact

A remote attacker may be able to crash the PPTP server or execute arbitrary code with the privileges of the PopTop server.

III. Solution

Upgrade to the latest version of PopTop.

Systems Affected

Vendor                    Status          Date Notified  Date Updated
Conectiva                 Unknown                        29-Apr-2003
Debian                    Vulnerable                     1-May-2003
Engarde                   Unknown                        29-Apr-2003
Gentoo Linux              Vulnerable                     29-Apr-2003
Hewlett-Packard Company   Unknown                        29-Apr-2003
Ingrian Networks          Unknown                        29-Apr-2003
MandrakeSoft              Unknown                        29-Apr-2003
MontaVista Software       Unknown                        29-Apr-2003
Openwall GNU/*/Linux      Unknown                        29-Apr-2003
PopTop                    Vulnerable                     29-Apr-2003
Red Hat Inc.              Not Vulnerable                 30-Apr-2003
SCO                       Unknown                        29-Apr-2003
Sequent                   Unknown                        29-Apr-2003
Sun Microsystems Inc.     Unknown                        29-Apr-2003
SuSE Inc.                 Unknown                        29-Apr-2003
Wirex                     Unknown                        29-Apr-2003

References


http://opensource.lineo.com/cgi-bin/cvsweb/~checkout~/poptop/ctrlpacket.c?rev=1.1.1.1&content-type=text/plain&sortby=file
http://sourceforge.net/mailarchive/forum.php?thread_id=1947395&forum_id=8250
http://marc.theaimsgroup.com/?l=bugtraq&m=105068728421160&w=2
http://marc.theaimsgroup.com/?l=bugtraq&m=105154539727967&w=2
http://www.poptop.org/

Credit

This vulnerability was discovered by Timo Sirainen.

This document was written by Ian A Finlay.

Other Information

Date Public: 2003-04-09
Date First Published: 2003-04-29
Date Last Updated: 2003-05-01
CERT Advisory:
CVE-ID(s): CAN-2003-0213
NVD-ID(s): CAN-2003-0213
US-CERT Technical Alerts:
Metric: 27.75
Document Revision: 9

Copyright 2003 Carnegie Mellon University