PPP: Buffer overflow — GLSA 201701-50

A buffer overflow in PPP might allow remote attackers to cause a Denial of Service condition.

Affected packages

net-dialup/ppp on all architectures
Affected versions < 2.4.7-r3
Unaffected versions >= 2.4.7-r3

Background

PPP is a Unix implementation of the Point-to-Point Protocol

Description

A buffer overflow was discovered in the rc_mksid function in plugins/radius/util.c in PPP when the PID for pppd is greater than 65535.

Impact

A remote attacker could cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All PPP users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-dialup/ppp-2.4.7-r3"
 

References

Release date
January 23, 2017

Latest revision
January 23, 2017: 1

Severity
normal

Exploitable
remote

Bugzilla entries