PPTPD: Denial of Service attack

2007-05-20T00:00:00
ID GLSA-200705-18
Type gentoo
Reporter Gentoo Foundation
Modified 2007-05-20T00:00:00

Description

Background

PPTPD is a Point-to-Point Tunnelling Protocol Daemon for Linux.

Description

James Cameron from HP has reported a vulnerability in PPTPD caused by malformed GRE packets.

Impact

A remote attacker could exploit this vulnerability to cause a Denial of Service on the PPTPD connection.

Workaround

There is no known workaround at this time.

Resolution

All PPTPD users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-dialup/pptpd-1.3.4"