[linux-security] DoS in rp-pppoe package
- To: linux-security
- Subject: [linux-security] DoS in rp-pppoe package
- From: Martin Siegert <siegert@sfu.ca>
- Date: Thu, 21 Dec 2000 17:08:33 -0800
- User-Agent: Mutt/1.2i
Topic
=====
Denial-of-Service vulnerability in rp-pppoe package
Problem description
===================
PPPoE (Point-to-Point Protocol over Ethernet) is a protocol used by
many ADSL Internet Service Providers.
Versions of rp-pppoe prior to 2.5 have a security problem that,
when exploited, causes the connection to be dropped. If rp-pppoe
receives a crafted TCP segment containing an option whose option-length
field is zero (illegal), the program enters an infinite loop, and
the connection times out and is dropped. This is only possible
if the user uses the "Clamp MSS" option.
Affected Systems
================
Systems with rp-pppoe with versions < 2.5 installed.
Solution
========
Upgrade to version 2.5.

RedHat 7.0:
    rpm -Fvh rp-pppoe-2.5-1.i386.rpm

Mandrake 7.1:
    rpm -Fvh rp-pppoe-2.5-2.1mdk.i586.rpm

Mandrake 7.2:
    rpm -Fvh rp-pppoe-2.5-2.2mdk.i586.rpm
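
The failure mode described under "Problem description", shown as an added
example (not code from rp-pppoe or from this advisory): an MSS-clamping option
walker that rejects a zero option-length instead of looping on it. The
function name clamp_mss and its return convention are assumptions made for
this illustration.

```c
#include <stddef.h>
#include <stdint.h>

enum { OPT_EOL = 0, OPT_NOP = 1, OPT_MSS = 2 };

/* Walk the TCP option bytes opts[0..len-1] and lower an MSS option that
 * exceeds `clamp`. Returns 1 if the MSS was rewritten, 0 if nothing had to
 * change, -1 if the option list is malformed (buffer is left untouched).
 * The caller must fix up the TCP checksum after a return value of 1. */
int clamp_mss(uint8_t *opts, size_t len, uint16_t clamp)
{
    size_t i = 0;
    uint8_t *mss_val = NULL;          /* points at the 2-byte MSS value */

    while (i < len) {
        uint8_t kind = opts[i];

        if (kind == OPT_EOL)          /* end of option list */
            break;
        if (kind == OPT_NOP) {        /* single-byte padding option */
            i++;
            continue;
        }
        if (len - i < 2)              /* no room for the length byte */
            return -1;
        uint8_t optlen = opts[i + 1];
        /* optlen counts the kind and length bytes, so anything below 2 is
         * illegal; accepting 0 would leave i unchanged and spin forever. */
        if (optlen < 2 || optlen > len - i)
            return -1;
        if (kind == OPT_MSS) {
            if (optlen != 4)
                return -1;
            mss_val = &opts[i + 2];
        }
        i += optlen;
    }
    if (mss_val == NULL)
        return 0;
    uint16_t mss = (uint16_t)((mss_val[0] << 8) | mss_val[1]);
    if (mss <= clamp)
        return 0;
    mss_val[0] = (uint8_t)(clamp >> 8);
    mss_val[1] = (uint8_t)(clamp & 0xff);
    return 1;
}
```

The walk validates the whole option list before writing anything, so a
malformed segment is passed through unmodified rather than half-rewritten.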