59 lines
1.8 KiB
XML
59 lines
1.8 KiB
XML
<?xml version="1.0" encoding="utf-8"?>
|
|
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
|
|
<glsa id="200411-01">
|
|
<title>ppp: No denial of service vulnerability</title>
|
|
<synopsis>
|
|
pppd contains a bug that allows an attacker to crash his own connection,
|
|
but it cannot be used to deny service to other users.
|
|
</synopsis>
|
|
<product type="ebuild">ppp</product>
|
|
<announced>2004-11-01</announced>
|
|
<revised count="02">2004-11-02</revised>
|
|
<bug>69152</bug>
|
|
<access>remote</access>
|
|
<affected>
|
|
</affected>
|
|
<background>
|
|
<p>
|
|
ppp is a Unix implementation of the Point-to-Point Protocol.
|
|
</p>
|
|
</background>
|
|
<description>
|
|
<p>
|
|
The pppd server improperly verifies header fields, potentially leading to a
|
|
crash of the pppd process handling the connection. However, since a
|
|
separate pppd process handles each ppp connection, this would not affect
|
|
any other connection, or prevent new connections from being established.
|
|
</p>
|
|
</description>
|
|
<impact type="low">
|
|
<p>
|
|
We incorrectly thought that this bug could be exploited to deny service to
|
|
all ppp users. It is not the case, this bug has no security impact
|
|
whatsoever. Many thanks to Paul Mackerras from the Samba team for
|
|
correcting our mistake.
|
|
</p>
|
|
</impact>
|
|
<workaround>
|
|
<p>
|
|
There is no need for a workaround.
|
|
</p>
|
|
</workaround>
|
|
<resolution>
|
|
<p>
|
|
ppp users can keep their current versions.
|
|
</p>
|
|
</resolution>
|
|
<references>
|
|
<uri link="http://www.securityfocus.com/archive/1/379450">Incorrect BugTraq Advisory</uri>
|
|
</references>
|
|
<metadata tag="requester" timestamp="2004-11-01T10:32:16Z">
|
|
koon
|
|
</metadata>
|
|
<metadata tag="bugReady" timestamp="2004-11-01T10:32:28Z">
|
|
koon
|
|
</metadata>
|
|
<metadata tag="submitter" timestamp="2004-11-01T16:53:20Z">
|
|
lewk
|
|
</metadata>
|
|
</glsa>
|