From ${URL} : A buffer overflow flaw was found in the way PPP's RADIUS plug-in processed a "start" accounting message if the PID of the pppd process is greater than 65535. A remote attacker could use this flaw to crash pppd. CVE request with additional impact details: http://seclists.org/oss-sec/2015/q2/119 Original report (including a proposed patch): https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782450 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
CVE-2015-3310 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3310): Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a denial of service (crash) via a start accounting message to the RADIUS server.
@ Maintainer(s): We are already carrying a bunch of patches. Can't we also include https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=17;filename=ppp_2.4.6-3.1-nmu.diff;att=1;bug=782450 to patch this vulnerability?
commit e99f5f5cdb87fb864e43b90922cbd2e3a675ae8a Author: Lars Wendler <polynomial-c@gentoo.org> Date: Tue Nov 22 14:47:53 2016 net-dialup/ppp: Security revbump to fix CVE-2015-3310 (bug #546554). Package-Manager: portage-2.3.2 I wanna wait a bit with stabilization as I also added a new eap-tls patch which I first want to have settled a bit.
@ Arches, please test and mark stable: =net-dialup/ppp-2.4.7-r3
Stable on alpha.
amd64 stable
x86 stable
arm stable
sparc stable
ppc stable
Stable for HPPA.
ia64 stable
ppc64 stable. Maintainer(s), please cleanup.
commit 03fd847c2c05a0e7eaf361d0061358b0a0ce41bd Author: Lars Wendler <polynomial-c@gentoo.org> Date: Wed Jan 18 16:59:45 2017 net-dialup/ppp: Security cleanup (bug #546554). Package-Manager: Portage-2.3.3, Repoman-2.3.1
GLSA request filed.
This issue was resolved and addressed in GLSA 201701-50 at https://security.gentoo.org/glsa/201701-50 by GLSA coordinator Aaron Bauman (b-man).