K16686 : Point-to-Point Protocol (PPP) vulnerability CVE-2015-3310

2015-05-2700:00:00

my.f5.com

6.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.068 Low

EPSS

Percentile

93.2%

JSON

Security Advisory Description

Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul’s PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a denial of service (crash) via a start accounting message to the RADIUS server. (CVE-2015-3310)
Impact
An authenticated remote attacker may be able to cause a denial-of-service (DoS) attack for an ARX system that is configured to perform Radius authentication.

CPENameOperatorVersion
big-ip afmeq11.3.0
big-ip afmeq11.4.0
big-ip afmeq11.4.1
big-ip afmeq11.5.0
big-ip afmeq11.5.1
big-ip afmeq11.5.2
big-ip afmeq11.5.3
big-ip afmeq11.6.0
big-ip analyticseq11.0.0
big-ip analyticseq11.1.0

Name	Operator	Version
big-ip afm	eq	11.3.0
big-ip afm	eq	11.4.0
big-ip afm	eq	11.4.1
big-ip afm	eq	11.5.0
big-ip afm	eq	11.5.1
big-ip afm	eq	11.5.2
big-ip afm	eq	11.5.3
big-ip afm	eq	11.6.0
big-ip analytics	eq	11.0.0
big-ip analytics	eq	11.1.0