Re: [ GLSA 200411-01 ] ppp: Remote denial of service vulnerability

From: Paul Mackerras (paulus_at_samba.org)
Date: 11/02/04

    Date: Tue, 2 Nov 2004 10:12:30 +1100
    To: Luke Macken <lewk@gentoo.org>
    
    

    Luke Macken writes:

    > The pppd server improperly verifies header fields, making it vulnerable
    > to denial of service attacks.
    >
    > Impact
    > ======
    >
    > An attacker can cause the pppd server to access memory that it isn't
    > allowed to, causing the server to crash. No code execution is possible
    > with this vulnerability, because no data is getting copied.

    Furthermore, only the connection to the attacker will be affected,
    since a separate pppd process handles each ppp connection. In other
    words, an attacker can terminate their own connection, but they can
    not affect any other connection, or prevent new connections from being
    established. Given that, I don't think that this is even a DoS
    vulnerability.

    Paul.

