Vulnerability Note VU#673993
PopTop PPTP Server contains buffer overflow in "ctrlpacket.c"
Overview
There is a remotely exploitable buffer overflow in PopTop. An exploit for this vulnerability exists and is publicly available.
Description
From the PopTop web site: PopToP is the PPTP server solution for Linux (ports exist for Solaris 2.6, OpenBSD and FreeBSD and others). |
Impact
A remote attacker may be able to crash the PPTP server or execute arbitrary code with the privileges of the PopTop server. |
Solution
Upgrade to the latest version of PopTop. |
Systems Affected (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Debian | Affected | 29 Apr 2003 | 01 May 2003 |
| Gentoo Linux | Affected | - | 29 Apr 2003 |
| PopTop | Affected | - | 29 Apr 2003 |
| Red Hat Inc. | Not Affected | 29 Apr 2003 | 30 Apr 2003 |
| Conectiva | Unknown | 29 Apr 2003 | 29 Apr 2003 |
| Engarde | Unknown | 29 Apr 2003 | 29 Apr 2003 |
| Hewlett-Packard Company | Unknown | 29 Apr 2003 | 29 Apr 2003 |
| Ingrian Networks | Unknown | 29 Apr 2003 | 29 Apr 2003 |
| MandrakeSoft | Unknown | 29 Apr 2003 | 29 Apr 2003 |
| MontaVista Software | Unknown | 29 Apr 2003 | 29 Apr 2003 |
| Openwall GNU/*/Linux | Unknown | 29 Apr 2003 | 29 Apr 2003 |
| SCO | Unknown | 29 Apr 2003 | 29 Apr 2003 |
| Sequent | Unknown | 29 Apr 2003 | 29 Apr 2003 |
| Sun Microsystems Inc. | Unknown | 29 Apr 2003 | 29 Apr 2003 |
| SuSE Inc. | Unknown | 29 Apr 2003 | 29 Apr 2003 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- http://opensource.lineo.com/cgi-bin/cvsweb/~checkout~/poptop/ctrlpacket.c?rev=1.1.1.1&content-type=text/plain&sortby=file
- http://sourceforge.net/mailarchive/forum.php?thread_id=1947395&forum_id=8250
- http://marc.theaimsgroup.com/?l=bugtraq&m=105068728421160&w=2
- http://marc.theaimsgroup.com/?l=bugtraq&m=105154539727967&w=2
- http://www.poptop.org/
Credit
This vulnerability was discovered by Timo Sirainen.
This document was written by Ian A Finlay.
Other Information
- CVE IDs: CAN-2003-0213
- Date Public: 09 Apr 2003
- Date First Published: 29 Apr 2003
- Date Last Updated: 01 May 2003
- Severity Metric: 27.75
- Document Revision: 9
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.