ID CVE-2002-0873
Summary Vulnerability in l2tpd 0.67 allows remote attackers to overwrite the vendor field via a long value in an attribute/value pair, possibly via a buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:l2tpd:l2tpd:0.62
    cpe:2.3:a:l2tpd:l2tpd:0.62
  • cpe:2.3:a:l2tpd:l2tpd:0.63
    cpe:2.3:a:l2tpd:l2tpd:0.63
  • cpe:2.3:a:l2tpd:l2tpd:0.64
    cpe:2.3:a:l2tpd:l2tpd:0.64
  • cpe:2.3:a:l2tpd:l2tpd:0.65
    cpe:2.3:a:l2tpd:l2tpd:0.65
  • cpe:2.3:a:l2tpd:l2tpd:0.66
    cpe:2.3:a:l2tpd:l2tpd:0.66
  • cpe:2.3:a:l2tpd:l2tpd:0.67
    cpe:2.3:a:l2tpd:l2tpd:0.67
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-152.NASL
    description Current versions of l2tpd, a layer 2 tunneling client/server program, forgot to initialize the random generator which made it vulnerable since all generated random number were 100% guessable. When dealing with the size of the value in an attribute value pair, too many bytes were able to be copied, which could lead into the vendor field being overwritten. These problems have been fixed in version 0.67-1.1 for the current stable distribution (woody) and in version 0.68-1 for the unstable distribution (sid). The old stable distribution (potato) is not affected, since it doesn't contain the l2tpd package.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 14989
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14989
    title Debian DSA-152-1 : l2tpd - missing random seed
  • NASL family Gain a shell remotely
    NASL id L2TPD_OVERFLOW.NASL
    description The remote host is running a version of l2tpd prior to 0.67. This version is vulnerable to a buffer overflow that could allow an attacker to gain a root shell on this host. In addition, this program does not initialize its random number generator. Therefore, an attacker may predict some key values and hijack L2TP sessions established to this host.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 11388
    published 2003-03-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=11388
    title l2tpd < 0.68 Multiple Vulnerabilities
refmap via4
bugtraq 20020813 New l2tpd release 0.68
debian DSA-152
xf l2tpd-vendor-field-bo(10460)
Last major update 10-09-2008 - 15:13
Published 05-09-2002 - 00:00
Back to Top