Bug 176936

Summary: net-dialup/pptpd DoS (CVE-2007-0244)
Product: Gentoo Security
Reporter: Sune Kloppenborg Jeppesen (RETIRED) <jaervosz>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: mrness, pva
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://www.securityfocus.com/archive/1/467997/30/0/
Whiteboard: B3 [glsa] jaervosz
Package list:
Runtime testing required: ---

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-05-03 18:35:39 UTC
Reported by Debian:

Hi,
James Cameron of HP informed us about a remote DoS in pptpd;
malformed GRE packets can terminate PPTP connections.

Cheers,
        Moritz

--- pptpd-1.3.3/pptpgre.c       2006-03-28 08:39:05.000000000 +1100
+++ pptpd-1.3.4/pptpgre.c       2007-04-16 10:21:02.000000000 +1000
@@ -342,7 +342,7 @@
        struct pptp_gre_header *header;
        int status, ip_len = 0;

-       dequeue_gre(cb, fd);
+       dequeue_gre(cb, cl);
        if ((status = read(fd, buffer, sizeof(buffer))) <= 0) {
                syslog(LOG_ERR, "GRE: read(fd=%d,buffer=%lx,len=%d) from network failed: status = %d error = %s",
                       fd, (unsigned long) buffer, sizeof(buffer), status, status ? strerror(errno) : "No error");
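
Review bot: The changed call `dequeue_gre(cb, cl)` passes `cl` where `fd` was passed before, but nothing in the hunk shows what `cl` is or what the `cb` callback expects as its argument, while the `read(fd, ...)` on the next line still uses `fd`. A short comment at the call stating what the callback is meant to receive would make the fix reviewable, and any other `dequeue_gre` call sites should be checked for the same argument. Separately, the unchanged `syslog` line prints `sizeof(buffer)` with `len=%d`; that value is a `size_t`, so it needs a cast or `%zu`.
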
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-05-03 18:36:35 UTC
Alin, please provide an updated ebuild and don't mention the security issue in the Changelog (for now at least).
Comment 2 Alin Năstac (RETIRED) gentoo-dev 2007-05-03 20:28:06 UTC
net-dialup/pptpd-1.3.4 has already been added to the tree, thanks to Peter (aka pva@g.o). This version already has the fix in it.

x86 team, please mark it stable.
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-05-04 05:48:11 UTC
Thx for the quick response again Alin.
Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-05-05 06:42:09 UTC
CC'ing tsunam instead of an alias that is unable to see this bug.
Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-05-09 18:49:19 UTC
This one is public now. x86 please test and mark stable.
Comment 6 Joshua Jackson (RETIRED) gentoo-dev 2007-05-09 19:06:35 UTC
My bad, I somehow overlooked this with the other recent security bugs.
Comment 7 Joshua Jackson (RETIRED) gentoo-dev 2007-05-09 19:18:58 UTC
Fixed now, sorry about the delay guys :/
Comment 8 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-05-09 19:22:46 UTC
Thx Joshua.

Reopening for GLSA decision.
Comment 9 Peter Volkov (RETIRED) gentoo-dev 2007-05-10 09:18:51 UTC
Remote DoS. People should know about that, so I vote for GLSA.
Comment 10 Vic Fryzel (shellsage) (RETIRED) gentoo-dev 2007-05-11 02:04:41 UTC
I vote yes due to remote DoS, like pva said.
Comment 11 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-05-11 07:06:22 UTC
I vote YES as well so let's have a GLSA.
Comment 12 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-05-20 07:47:19 UTC
GLSA 200705-18