[USN-12-1] ppp Denial of Service
From: Martin Pitt (martin.pitt_at_canonical.com)
Date: 10/29/04
- Previous message: patryn: "Re: [Full-Disclosure] Slightly off-topic: www.georgewbush.com"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 29 Oct 2004 11:22:04 +0200 To: ubuntu-security-announce@lists.ubuntu.com
===========================================================
Ubuntu Security Notice USN-12-1 October 29, 2004
ppp Denial of Service
http://www.securityfocus.com/archive/1/379450
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
ppp
The problem can be corrected by upgrading the affected packages to
version 2.4.2+20040428-2ubuntu6.2. In general, a standard system
upgrade is sufficient to effect the necessary changes.
Details follow:
It has been discovered that ppp does not properly verify certain data
structures used in the CBCP protocol. This vulnerability could allow
an attacker to cause the pppd server to crash due to an invalid memory
access, leading to a denial of service. However, there is no
possibility of code execution or privilege escalation.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/ppp/ppp_2.4.2+20040428-2ubuntu6.2.diff.gz
Size/MD5: 71343 2cc5486014e37d195fd54b3f2dbd8a31
http://security.ubuntu.com/ubuntu/pool/main/p/ppp/ppp_2.4.2+20040428-2ubuntu6.2.dsc
Size/MD5: 661 24d306be11f2ef98b879cb97ffaf6c06
http://security.ubuntu.com/ubuntu/pool/main/p/ppp/ppp_2.4.2+20040428.orig.tar.gz
Size/MD5: 801353 cc76377ffca35e745838ab82ea4474cd
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/p/ppp/ppp-dev_2.4.2+20040428-2ubuntu6.2_all.deb
Size/MD5: 31824 7d044f9782cded224269c53253e0b0bd
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/p/ppp/ppp-udeb_2.4.2+20040428-2ubuntu6.2_amd64.udeb
Size/MD5: 111708 e904c4e2318df41bbd55cb7214e249f6
http://security.ubuntu.com/ubuntu/pool/main/p/ppp/ppp_2.4.2+20040428-2ubuntu6.2_amd64.deb
Size/MD5: 309720 776feee80231a3b7f2afaa855dabbf58
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/p/ppp/ppp-udeb_2.4.2+20040428-2ubuntu6.2_i386.udeb
Size/MD5: 94838 d3b9d5580e427b876040a07b507d04fc
http://security.ubuntu.com/ubuntu/pool/main/p/ppp/ppp_2.4.2+20040428-2ubuntu6.2_i386.deb
Size/MD5: 285512 1a431f211803cf2ae12c5923b72dfbda
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/p/ppp/ppp-udeb_2.4.2+20040428-2ubuntu6.2_powerpc.udeb
Size/MD5: 107248 624f06af49245eecd5f93275497cc58b
http://security.ubuntu.com/ubuntu/pool/main/p/ppp/ppp_2.4.2+20040428-2ubuntu6.2_powerpc.deb
Size/MD5: 308390 df4f46685a94c5c01cf6f4ba1e02704b
- application/pgp-signature attachment: Digital signature
- Previous message: patryn: "Re: [Full-Disclosure] Slightly off-topic: www.georgewbush.com"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
