PPTPD: Denial of Service attack — GLSA 200705-18

A vulnerability has been reported in PPTPD which could lead to a Denial of Service.

Affected packages

net-dialup/pptpd on all architectures
Affected versions < 1.3.4
Unaffected versions >= 1.3.4

Background

PPTPD is a Point-to-Point Tunnelling Protocol Daemon for Linux.

Description

James Cameron from HP has reported a vulnerability in PPTPD caused by malformed GRE packets.

Impact

A remote attacker could exploit this vulnerability to cause a Denial of Service on the PPTPD connection.

Workaround

There is no known workaround at this time.

Resolution

All PPTPD users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-dialup/pptpd-1.3.4"

References

Release date
May 20, 2007

Latest revision
May 20, 2007: 01

Severity
normal

Exploitable
remote

Bugzilla entries