Nessus Plugin #15132
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
[DSA295] DSA-295-1 pptpd
- Family:
- Debian Local Security Checks
- Category:
- infos
- Copyright:
- This script is (C) 2004 Michel Arboi
- Summary:
- DSA-295-1 pptpd
- Version:
- $Revision: 1.4 $
- Cve_id:
- CAN-2003-0213
- Bugtraq_id:
- 7316
- Xrefs:
- DSA:295
- Description:
Timo Sirainen discovered a vulnerability in pptpd, a Point to Point
Tunneling Server, which implements PPTP-over-IPSEC and is commonly
used to create Virtual Private Networks (VPN). By specifying a small
packet length an attacker is able to overflow a buffer and execute
code under the user id that runs pptpd, probably root. An exploit for
this problem is already circulating.
For the stable distribution (woody) this problem has been fixed in
version 1.1.2-1.4.
For the old stable distribution (potato) this problem has been
fixed in version 1.0.0-4.2.
For the unstable distribution (sid) this problem has been fixed in
version 1.1.4-0.b3.2.
We recommend that you upgrade your pptpd package immediately.
Solution : http://www.debian.org/security/2003/dsa-295
Risk factor : High
Generiert am 27.04.2005 um 18:49:54 Uhr.