ID CVE-2004-1002
Summary Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote attackers to cause a denial of service (daemon crash) via a CBCP packet with an invalid length value that causes pppd to access an incorrect memory location.
References
Vulnerable Configurations
  • Samba ppp 2.4.1
    cpe:2.3:a:samba:ppp:2.4.1
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
nessus via4
NASL family Gentoo Local Security Checks
NASL id GENTOO_GLSA-200411-01.NASL
description The remote host is affected by the vulnerability described in GLSA-200411-01 (ppp: Remote denial of service vulnerability). The pppd server improperly verifies header fields, making it vulnerable to denial of service attacks. Impact: An attacker can cause the pppd server to access memory that it isn't allowed to, causing the server to crash. No code execution is possible with this vulnerability, because no data is getting copied. Workaround: There is no known workaround at this time.
last seen 2016-09-26
modified 2004-11-02
plugin id 15589
published 2004-11-02
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=15589
title [GLSA-200411-01] ppp: Remote denial of service vulnerability
refmap via4
bugtraq 20041026 pppd out of bounds memory access, possible DOS
ubuntu USN-12-1
xf ppp-ccp-headers-dos(17874)
statements via4
contributor Mark J Cox
lastmodified 2006-08-30
organization Red Hat
statement This issue will only cause a denial of service on the connection the attacker is using. It therefore is not a security issue.
Last major update 07-12-2016 - 21:59
Published 01-03-2005 - 00:00
Last modified 10-07-2017 - 21:30