Re: How secure is PPTP
From: null@void.net Date: 09/26/02
From: <null@void.net> Date: Thu, 26 Sep 2002 11:26:25 -0700
In article <c857619b.0209260646.33b5e761@posting.google.com>,
pford@bcm.tmc.edu says...
> Greetings:
>
> How secure is PPTP?
>
> I have been getting information from my IS department that frequently
> fails verification once I dig into it. One of these "facts" is that
> PPTP is insecure and untrustworthy. I am not working in an area where
> there are great secrets, just regulatory concerns regarding patient
> confidentiality, i.e. HIPAA.
>
> The independent information I have seen is (1) IPSec is better, (2)
> there were a lot of problems with PPTP early on but Microsoft has
> addressed and fixed them and now (3) PPTP is good enough.
>
> So what is the truth here?
>
> Thanks
>
> Patrick Ford
> pford@bcm.tmc.edu
>
This was recently posted to Bugtraq.
=====
phion Security Advisory 26/09/2002
Microsoft PPTP Server and Client remote vulnerability
Summary
-----------------------------
The Microsoft PPTP Service shipping with Windows 2000 and XP contains
a remotely exploitable pre-authentication buffer overflow.
Affected Systems
-----------------------------
Microsoft Windows 2000 and XP running either a PPTP Server or Client.
Impact
-----------------------------
With a specially crafted PPTP packet it is possible to overwrite
kernel memory.
A DoS resulting in a lockup of the machine has been verified on
Windows 2000 SP3 and Windows XP.
A remote compromise should be possible deploying proper shellcode, as
we were able to fill EDI and EDX with our data.
Clients are vulnerable too, because the Service always listens on
port 1723 on any interface of the machine. This might be of special
concern to DSL users who use PPTP to connect to their modem.
Solution
-----------------------------
As a temporary solution for the Client issue, one might firewall the
PPTP port in the Internet Connection Firewall for Windows XP.
We don't know of any solution for Windows 2000 and Windows XP PPTP
servers.
The vendor has been informed.
Acknowledgements
-----------------------------
The bug has been discovered by Stephan Hoffmann and Thomas
Unterleitner on behalf of phion Information Technologies.
Contact Information
-----------------------------
phion Information Technologies can be reached via:
office@phion.com / http://www.phion.com
Stephan Hoffmann can be reached via:
sh@phion.com
Thomas Unterleitner can be reached via:
t.unterleitner@phion.com
References
-----------------------------
[1] phion Information Technologies
http://www.phion.com/
Exploit
-----------------------------
phion Information Technologies will not provide an exploit for this
issue.
Disclaimer
-----------------------------
This advisory does not claim to be complete or to be usable for any
purpose.
This advisory is free for open distribution in unmodified form.
Articles or Publications that are based on information from this
advisory have to include link [1].
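
Added example, not part of the original post or the phion advisory: the advisory states that the service listens on port 1723 on any interface, so this Python script parses `netstat -an` output and reports each TCP listener on 1723 and how widely it is bound. The sample output and the function names are constructed for illustration.

```python
import ipaddress

PPTP_PORT = 1723  # PPTP control port named in the advisory

# Constructed sample in Windows `netstat -an` layout (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:1723           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:11723          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      10.0.0.138:1723        ESTABLISHED
  TCP    [::]:1723              [::]:0                 LISTENING
  UDP    0.0.0.0:500            *:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port_text)."""
    addr, _, port_text = endpoint.rpartition(":")
    return addr.strip("[]"), port_text

def pptp_listeners(netstat_text, port=PPTP_PORT):
    """Return [(local_addr, exposure)] for TCP sockets listening on `port`."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Keep listening TCP rows only: skips headers, UDP and client sessions.
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue
        if fields[3].upper() not in ("LISTENING", "LISTEN"):
            continue
        addr, port_text = split_endpoint(fields[1])
        if not port_text.isdigit() or int(port_text) != port:
            continue
        try:
            ip = ipaddress.ip_address(addr.split("%")[0])  # drop IPv6 zone id
        except ValueError:
            continue  # unparseable address column
        if ip.is_unspecified:      # 0.0.0.0 or :: means every interface
            exposure = "all-interfaces"
        elif ip.is_loopback:
            exposure = "loopback-only"
        else:
            exposure = "single-interface"
        findings.append((addr, exposure))
    return findings

if __name__ == "__main__":
    for addr, exposure in pptp_listeners(SAMPLE_NETSTAT):
        print(f"TCP {addr} port {PPTP_PORT} LISTENING: {exposure}")
```

To check a real machine, pass the text captured from `netstat -an` to `pptp_listeners` in place of the sample; an "all-interfaces" result is the exposure the advisory's firewall workaround is meant to close.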