Debian Security Advisory DSA 1288-1 (pptpd) Network Vulnerability

Summary

The remote host is missing an update to pptpd announced via advisory DSA 1288-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201288-1

Insight

It was discovered that the PoPToP Point to Point Tunneling Server contains a programming error, which allows the tear-down of a PPTP connection through a malformed GRE packet, resulting in denial of service. The oldstable distribution (sarge) is not affected by this problem. For the stable distribution (etch) this problem has been fixed in version 1.3.0-2etch1. For the unstable distribution (sid) this problem has been fixed in version 1.3.4-1. We recommend that you upgrade your pptpd packages.

Severity

Classification

CVE CVE-2007-0244
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Debian Security Advisory DSA 025-1 (openssh)
Debian Security Advisory DSA 1147-1 (drupal)
Debian Security Advisory DSA 1064-1 (cscope)
Debian Security Advisory DSA 1065-1 (hostapd)
Debian Security Advisory DSA 1121-1 (postgrey)

Take action and discover your vulnerabilities