Lucene search

Gentoo FoundationGLSA-200407-17

HistoryJul 22, 2004 - 12:00 a.m.

l2tpd: Buffer overflow

2004-07-2200:00:00

Gentoo Foundation

security.gentoo.org

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.035

Percentile

91.6%

JSON

Background

l2tpd is a GPL implentation of the Layer 2 Tunneling Protocol.

Description

Thomas Walpuski discovered a buffer overflow that may be exploitable by sending a specially crafted packet. In order to exploit the vulnerable code, an attacker would need to fake the establishment of an L2TP tunnel.

Impact

A remote attacker may be able to execute arbitrary code with the privileges of the user running l2tpd.

Workaround

There is no known workaround for this vulnerability.

Resolution

All users are recommended to upgrade to the latest stable version:

 # emerge sync

 # emerge -pv "&gt;=net-l2tpd-0.69-r2"
 # emerge "&gt;=net-l2tpd-0.69-r2"

OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-dialup/l2tpd< 0.69-r2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	net-dialup/l2tpd	< 0.69-r2	UNKNOWN

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.035

Percentile

91.6%

JSON

Related for GLSA-200407-17