search menu icon-carat-right cmu-wordmark

CERT Coordination Center

PopTop PPTP Server contains buffer overflow in "ctrlpacket.c"

Vulnerability Note VU#673993

Original Release Date: 2003-04-29 | Last Revised: 2003-05-01

Overview

There is a remotely exploitable buffer overflow in PopTop. An exploit for this vulnerability exists and is publicly available.

Description

From the PopTop web site:

PopToP is the PPTP server solution for Linux (ports exist for Solaris 2.6, OpenBSD and FreeBSD and others).
A buffer overflow exists in ctrlpacket.c, which is used to control message packet reading, formatting, and writing. For further technical details, please see the original report.

Impact

A remote attacker may be able to crash the PPTP server or execute arbitrary code with the privileges of the PopTop server.

Solution

Upgrade to the latest version of PopTop.

Vendor Information

673993
 

View all 16 vendors View less vendors


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This vulnerability was discovered by Timo Sirainen.

This document was written by Ian A Finlay.

Other Information

CVE IDs: CVE-2003-0213
Severity Metric: 27.75
Date Public: 2003-04-09
Date First Published: 2003-04-29
Date Last Updated: 2003-05-01 13:53 UTC
Document Revision: 9

Sponsored by CISA.