Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 519650 (CVE-2014-3158) - <net-dialup/ppp-2.4.7: integer overflow in option parsing (CVE-2014-3158)
Summary: <net-dialup/ppp-2.4.7: integer overflow in option parsing (CVE-2014-3158)
Status: RESOLVED FIXED
Alias: CVE-2014-3158
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2014-08-11 15:37 UTC by Agostino Sarubbo
Modified: 2016-02-28 01:07 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2014-08-11 15:37:59 UTC
From ${URL} :

Upstream released ppp-2.4.7 which fixes a potential security vulnerability:
http://marc.info/?l=linux-ppp&m=140764978420764

There's not much technical details about this issue at this time.


Upstream commit:
https://github.com/paulusmack/ppp/commit/7658e8257183f062dc01f87969c140707c7e52cb


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2014-08-12 05:20:12 UTC
+*ppp-2.4.7 (12 Aug 2014)
+
+  12 Aug 2014; Lars Wendler <polynomial-c@gentoo.org> +ppp-2.4.7.ebuild:
+  Security bump (bug #519650).
+
Comment 2 Sergey Popov (RETIRED) gentoo-dev 2014-08-12 10:27:53 UTC
Thanks for the bump

Arches, please test and mark stable =net-dialup/ppp-2.4.7

Target keywords: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Comment 3 Agostino Sarubbo gentoo-dev 2014-08-12 15:08:14 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2014-08-12 15:25:31 UTC
x86 stable
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2014-08-13 12:19:49 UTC
Stable for HPPA.
Comment 6 Agostino Sarubbo gentoo-dev 2014-08-19 07:36:41 UTC
ia64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2014-08-19 08:49:49 UTC
ppc64 stable
Comment 8 Raúl Porcel (RETIRED) gentoo-dev 2014-08-20 11:39:02 UTC
alpha/arm/sparc stable
Comment 9 Agostino Sarubbo gentoo-dev 2014-08-21 09:46:31 UTC
ppc stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 10 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-08-21 10:14:42 UTC
New GLSA request filed
Comment 11 Sergey Popov (RETIRED) gentoo-dev 2014-08-28 11:28:14 UTC
I have masked vulnerable version for now, so cleanup is done. After some amount of time i will purge them and remove the mask.
Comment 12 Michele Santullo 2014-09-11 10:58:03 UTC
Not sure if this is relevant, but on Sabayon Linux I'm unable to connect to the PPTP VPN and found this in journalctl:

pppd[2903]: Plugin /usr/lib64/pppd/2.4.5/nm-pptp-pppd-plugin.so is for pppd version 2.4.6, this is 2.4.7

equery gives this:

# equery l -op net-dialup/ppp
 * Searching for ppp in net-dialup ...
[-P-] [M ] net-dialup/ppp-2.4.4-r25:0
[-P-] [M ] net-dialup/ppp-2.4.5-r3:0
[-P-] [M ] net-dialup/ppp-2.4.6-r3:0/2.4.6
[IP-] [  ] net-dialup/ppp-2.4.7:0/2.4.7

# equery l -op networkmanager
 * Searching for networkmanager ...
[-P-] [M ] net-misc/networkmanager-0.9.6.4:0
[-P-] [M ] net-misc/networkmanager-0.9.8.8:0
[I-O] [  ] net-misc/networkmanager-0.9.8.10-r1:0

# equery l -op networkmanager-pptp
 * Searching for networkmanager-pptp ...
[IP-] [  ] net-misc/networkmanager-pptp-0.9.8.4:0

# equo query belongs /usr/lib64/pppd/2.4.5/nm-pptp-pppd-plugin.so
╠  @@ Ricerca Appartenenza
╠      @@ Pacchetto: net-misc/networkmanager-pptp-0.9.8.4 branch: 5, [__system__] 
╠          Installato:    versione: 0.9.8.4 ~ tag: NoTag ~ revisione: 2
╠          Slot:          0
╠          Homepage:      http://www.gnome.org/projects/NetworkManager/ 
╠          Descrizione:   NetworkManager PPTP plugin 
╠          Licenza:       GPL-2+
╠   Keyword:  /usr/lib64/pppd/2.4.5/nm-pptp-pppd-plugin.so
╠   Trovati:  1 voce

So I can't upgrade networkmanager nor networkmanager-pptp to any later version and the only option I got left was downgrade ppp to 2.4.6. Not sure how the masking/unmasking is managed in Sabayon, but I thought this information could be useful for the upstream. Hope it helps.
Comment 13 Sergey Popov (RETIRED) gentoo-dev 2014-09-16 12:23:06 UTC
(In reply to King_DuckZ from comment #12)
> Not sure if this is relevant, but on Sabayon Linux I'm unable to connect to
> the PPTP VPN and found this in journalctl:
> 
> pppd[2903]: Plugin /usr/lib64/pppd/2.4.5/nm-pptp-pppd-plugin.so is for pppd
> version 2.4.6, this is 2.4.7

Not relevant to this bug, but possibly related to bug #519986
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2014-11-21 03:29:55 UTC
CVE-2014-3158 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3158):
  Integer overflow in the getword function in options.c in pppd in Paul's PPP
  Package (ppp) before 2.4.7 allows attackers to "access privileged options"
  via a long word in an options file, which triggers a heap-based buffer
  overflow that "[corrupts] security-relevant variables."
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2014-12-13 18:29:39 UTC
This issue was resolved and addressed in
 GLSA 201412-19 at http://security.gentoo.org/glsa/glsa-201412-19.xml
by GLSA coordinator Sean Amoss (ackle).
Comment 16 Christohper Harrington 2016-02-28 01:07:10 UTC
(In reply to Sergey Popov from comment #11)
> I have masked vulnerable version for now, so cleanup is done. After some
> amount of time i will purge them and remove the mask.

It's been more than a year, probably safe to drop the vulnerable versions?