| VID | 13019 |
| Severity | 40 |
| Port | 1701 |
| Protocol | UDP |
| Class | L2TP |
| Detailed Description |
The remote host is running a version of l2tpd earlier than 0.69. L2tpd is a GPL implementation of the Layer 2 Tunneling Protocol. Versions of l2tpd prior to 0.69 fail to perform a bounds check in the write_packet() function in control.c, resulting in a buffer overflow. By establishing an L2TP tunnel and then sending a specially crafted packet, a remote attacker could overflow a buffer and crash the service or possibly execute arbitrary code with the privileges of the user running l2tpd.
* Note: This check relies solely on the version number of the remote l2tpd server to assess this vulnerability, so the result may be a false positive.
* References:
  * http://www.osvdb.org/displayvuln.php?osvdb_id=6726
  * http://www.secunia.com/advisories/11788
  * http://www.secunia.com/advisories/12096
  * http://www.secunia.com/advisories/12128
* Platforms Affected: l2tpd versions prior to 0.69; Linux (any version) |
| Recommendation |
Upgrade to the latest version of l2tpd (0.69 or later), available from the l2tpd download site at http://www.l2tpd.org/download.html
For Debian GNU/Linux 3.0 (woody): Upgrade to the latest l2tpd package (0.67-1.2 or later), as listed in Debian Security Advisory DSA-530-1 at http://www.debian.org/security/2004/dsa-530
For Gentoo Linux: Upgrade to the latest version of l2tpd (0.69-r2 or later), as listed in Gentoo Linux Security Advisory GLSA 200407-17 at http://www.gentoo.org/security/en/glsa/glsa-200407-17.xml
For other distributions: Contact your vendor for upgrade or patch information. |
| Related URL | CVE-2004-0649 (CVE) |
| Related URL | 10466 (SecurityFocus) |
| Related URL | 16326 (ISS) |