SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Ppp Vendors:   Samba.org
(OpenBSD Issues Fix) Samba pppd Callback Control Protocol Pointer Dereference May Let Remote Users Deny Service
SecurityTracker Alert ID:  1012177
SecurityTracker URL:  http://securitytracker.com/id/1012177
CVE Reference:   CVE-2004-1002   (Links to External Site)
Date:  Nov 11 2004
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.4.1
Description:   A vulnerability was reported in Samba's pppd. A remote user may be able to cause denial of service conditions on the target system.

sean reported that a remote user can send specially crafted Callback Control Protocol header fields to trigger a pointer dereference and cause the target pppd server to access unauthorized memory locations. This may allow the remote user to cause denial of service conditions by repeating the process.

The flaw resides in '/pppd/cbcp.c'.

Impact:   A remote user may be able to cause denial of service conditions on the target system.
Solution:   OpenBSD has issued the following patches:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/033_pppd.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/022_pppd.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/003_pppd.patch

Vendor URL:  www.samba.org/ppp/ (Links to External Site)
Cause:   Boundary error, State error
Underlying OS:  UNIX (OpenBSD)
Underlying OS Comments:  3.4, 3.5, 3.6

Message History:   This archive entry is a follow-up to the message listed below.
Oct 27 2004 Samba pppd Callback Control Protocol Pointer Dereference May Let Remote Users Deny Service



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC