Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0213

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2003-0213
Last Modified 05 Sep 2008 04:33:46
Published 12 May 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0213

Summary

ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote attackers to cause a denial of service via a length field of 0 or 1, which causes a negative value to be fed into a read operation, leading to a buffer overflow.

Vulnerable Systems

Application

  • Poptop Pptp Server 1.0.1

  • Poptop Pptp Server 1.1.2

  • Poptop Pptp Server 1.1.3

  • Poptop Pptp Server 1.1.3 2002-10-09

  • Poptop Pptp Server 1.1.4b1

  • Poptop Pptp Server 1.1.4b2


References

CERT-VN - VU#673993

BID - 7316

BUGTRAQ - 20030409 PoPToP PPTP server remotely exploitable buffer overflow

DEBIAN - DSA-295

SUSE - SuSE-SA:2003:029

BUGTRAQ - 20030418 Exploit for PoPToP PPTP server

BUGTRAQ - 20030422 Re: Exploit for PoPToP PPTP server - Linux version

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=138437

BUGTRAQ - 20030428 GLSA: pptpd (200304-08)


Last Updated: 27 May 2016 10:37:49