| Summary: | net-dialup/pptpd DoS (CVE-2007-0244) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | mrness, pva |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.securityfocus.com/archive/1/467997/30/0/ | ||
| Whiteboard: | B3 [glsa] jaervosz | ||
| Package list: | Runtime testing required: | --- | |
Alin please provide an updated ebuild and don't mention the security issue in the Changelog (for now at least). net-dialup/pptpd-1.3.4 has already been added to the tree, thanks to Peter (aka pva@g.o). This version already have the fix in it. x86 team, please mark it stable. Thx for the quick response again Alin. CC'ing tsunam instead of an alias that is unable to see this bug. This one is public now. x86 please test and mark stable. my bad I somehow overlooked this with the other recent security bugs fixed now, sorry about the delay guys :/ Thx Joshua. Reopening for GLSA decision. Remote DoS. People should know about that, so I vote for GLSA. I vote yes due to remote DoS, like pva said. I vote YES as well so let's have a GLSA. GLSA 200705-18 |
Reported by Debian: Hi, James Cameron of HP informed us about a remote DoS in pptpd; malformed GRE packets can terminate PPTP connections. Cheers, Moritz --- pptpd-1.3.3/pptpgre.c 2006-03-28 08:39:05.000000000 +1100 +++ pptpd-1.3.4/pptpgre.c 2007-04-16 10:21:02.000000000 +1000 @@ -342,7 +342,7 @@ struct pptp_gre_header *header; int status, ip_len = 0; - dequeue_gre(cb, fd); + dequeue_gre(cb, cl); if ((status = read(fd, buffer, sizeof(buffer))) <= 0) { syslog(LOG_ERR, "GRE: read(fd=%d,buffer=%lx,len=%d) from network failed: status = %d error = %s", fd, (unsigned long) buffer, sizeof(buffer), status, status ? strerror(errno) : "No error");