Bugzilla – Bug 41508
VUL-0: CVE-2003-0213: pptp: exploit against pptp daemon
Last modified: 2021-09-29 14:36:57 UTC
There is a pptp daemon buffer overflow exploit around, see: http://www.securityfocus.com/archive/1/319746/2003-04-25/2003-05-01/0
run exploit found in url? dunno
*** Bug 41509 has been marked as a duplicate of this bug. ***
Thanks for the bugzilla entry, we know it. Sebastian will be working on this. R.
I'm updating the packages right now, many (all) dists are affected, so there will be some updates. Will submit them to autobuild then.
Submitted these updates:

source got from(/work/SRC/...)     submitted to               to fix dists:
old-versions/7.0-server/all/pptpd  /work/src/done/7.0-server  7.0-server-i386
old-versions/7.1/all/pptpd         /work/src/done/7.1         7.1-*
old-versions/7.2/all/pptpd         /work/src/done/7.2         7.2-* sles7-*
old-versions/7.3/all/pptpd         /work/src/done/7.3         7.3-* sles7-ppc
old-versions/8.0/all/pptpd         /work/src/done/8.0         8.0-*
old-versions/8.1/UL/all/pptpd      /work/src/done/8.1         8.1-* sles8-* ul1-*
old-versions/8.2/all/pptpd         /work/src/done/8.2         8.2-*
all/pptpd                          /work/src/done/STABLE      STABLE

Changes:
--------
> Mon May 12 17:14:14 CEST 2003 - bk@suse.de
>
> - fix pptp daemon buffer overflow with controlpacket length(#26508)
>
> -------------------------------------------------------------------

New:
----
  ctrlpacket-syslog.dif

+Patch: ctrlpacket-syslog.dif
+%patch -p1

l -G /work/src/done/STABLE/pptpd
total 269
drwxr-xr-x  2 bk      384 2003-05-12 19:56 ./
drwxrwxrwt 32 root    912 2003-05-12 23:02 ../
-rw-r--r--  1 bk     3478 2002-08-20 12:21 LIESMICH.SuSE
-rw-r--r--  1 bk     2806 2002-08-20 12:21 README.SuSE
-rw-r--r--  1 bk      957 2003-05-12 17:08 ctrlpacket-syslog.dif
-rw-r--r--  1 bk       94 2002-08-20 12:21 options.ppp0
-rw-r--r--  1 bk   116040 2002-08-20 12:21 pptp-install.tar.gz
-rw-r--r--  1 bk   115418 2002-08-20 12:21 pptpd-1.1.2.tar.gz
-rw-r--r--  1 bk     2108 2003-05-12 17:25 pptpd.changes
-rw-r--r--  1 bk     2417 2002-08-20 12:21 pptpd.conf
-rw-r--r--  1 bk     4238 2003-05-12 17:24 pptpd.spec
-rw-r--r--  1 bk     1146 2002-09-17 15:41 rcpptpd

cd /work/src/done
l -Gd */pptpd
drwxr-xr-x  2 bk      496 2003-05-12 19:57 7.0-server/pptpd/
drwxr-xr-x  2 bk      496 2003-05-12 19:57 7.1/pptpd/
drwxr-xr-x  2 bk      496 2003-05-12 17:25 7.2/pptpd/
drwxr-xr-x  2 bk      496 2003-05-12 17:25 7.3/pptpd/
drwxr-xr-x  2 bk      464 2003-05-12 20:43 8.0/pptpd/
drwxr-xr-x  2 bk      384 2003-05-12 19:56 8.1/pptpd/
drwxr-xr-x  2 bk      424 2003-05-12 20:43 8.2/pptpd/
drwxr-xr-x  2 bk      384 2003-05-12 19:56 SLES8/pptpd/
drwxr-xr-x  2 bk      384 2003-05-12 19:56 STABLE/pptpd/
drwxr-xr-x  2 bk      384 2003-05-12 19:56 UL1/pptpd/

Have fun... ;-)
I forgot to submit the patchinfos. Luckily this gives us the chance to provide our Maintenance customers with a fix as early as the Box clients get it if I submit the packages with patchinfos again when Maintenance is done. I've also confused the fix for 8.2, where the patch is not added, but I've copied the whole set of packages needed for putonftps with the 8.2 package fixed to ~bk/packages/submit/done/* This can be copied to /work/src/done/ (cp -ap ~bk/packages/submit/done /work/src) when maintenance is ready. (putonftps are included in the directories already)
bk submitted packages, pending approval from QA
CVE-2003-0213 I think.
CVE-2003-0213: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)