remote code execution in pptpd

2003-06-0615:01:01

lists.opensuse.org

0.306 Low

EPSS

Percentile

96.5%

JSON

The PPTP daemon contains a remotely exploitable buffer overflow which was introduced due to a integer overflow in the third argument passed to the read() library call. This bug has been fixed. Since there is no workaround other than shutting down the PPTP daemon an update is strongly recommended if you need a PPTP server running.

OSVersionArchitecturePackageVersionFilename
openSUSE7.3sparcpptpd< 1.1.2-132pptpd-1.1.2-132.sparc.rpm
openSUSE7.2i386pptpd< 1.1.2-411pptpd-1.1.2-411.i386.rpm
openSUSE7.3ppcpptpd< 1.1.2-262pptpd-1.1.2-262.ppc.rpm
openSUSE8.0i386pptpd< 1.1.2-412pptpd-1.1.2-412.i386.rpm
openSUSE7.3i386pptpd< 1.1.2-412pptpd-1.1.2-412.i386.rpm
openSUSE8.2i586pptpd< 1.1.2-418pptpd-1.1.2-418.i586.rpm
openSUSE8.1i586pptpd< 1.1.2-413pptpd-1.1.2-413.i586.rpm

OS	Version	Architecture	Package	Version	Filename
openSUSE	7.3	sparc	pptpd	< 1.1.2-132	pptpd-1.1.2-132.sparc.rpm
openSUSE	7.2	i386	pptpd	< 1.1.2-411	pptpd-1.1.2-411.i386.rpm
openSUSE	7.3	ppc	pptpd	< 1.1.2-262	pptpd-1.1.2-262.ppc.rpm
openSUSE	8.0	i386	pptpd	< 1.1.2-412	pptpd-1.1.2-412.i386.rpm
openSUSE	7.3	i386	pptpd	< 1.1.2-412	pptpd-1.1.2-412.i386.rpm
openSUSE	8.2	i586	pptpd	< 1.1.2-418	pptpd-1.1.2-418.i586.rpm
openSUSE	8.1	i586	pptpd	< 1.1.2-413	pptpd-1.1.2-413.i586.rpm

0.306 Low

EPSS

Percentile

96.5%

JSON

Related for SUSE-SA:2003:029