ID CVE-2007-0244
Summary pptpgre.c in PoPToP Point to Point Tunneling Server (pptpd) before 1.3.4 allows remote attackers to cause a denial of service (PPTP connection tear-down) via (1) GRE packets with out-of-order sequence numbers or (2) certain GRE packets that are processed using a wrong pointer and improperly dequeued.
References
Vulnerable Configurations
  • cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:4.0:*:alpha:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:4.0:*:alpha:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:4.0:*:amd64:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:4.0:*:amd64:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:4.0:*:arm:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:4.0:*:arm:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:4.0:*:hppa:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:4.0:*:hppa:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:4.0:*:ia-32:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:4.0:*:ia-32:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:4.0:*:ia-64:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:4.0:*:ia-64:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:4.0:*:m68k:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:4.0:*:m68k:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:4.0:*:mips:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:4.0:*:mips:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:4.0:*:mipsel:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:4.0:*:mipsel:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:4.0:*:powerpc:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:4.0:*:powerpc:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:4.0:*:s390:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:4.0:*:s390:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:4.0:*:sparc:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:4.0:*:sparc:*:*:*:*:*
  • cpe:2.3:a:poptop:pptp_server:*:*:*:*:*:*:*:*
    cpe:2.3:a:poptop:pptp_server:*:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 08-03-2011 - 02:49)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 23886
confirm http://sourceforge.net/project/shownotes.php?release_id=501476&group_id=44827
debian DSA-1288
gentoo GLSA-200705-18
sectrack 1018064
secunia
  • 25220
  • 25255
  • 26987
suse
  • SUSE-SR:2007:010
  • SUSE-SR:2007:019
trustix 2007-0017
ubuntu
  • USN-459-1
  • USN-459-2
vupen ADV-2007-1743
Last major update 08-03-2011 - 02:49
Published 11-05-2007 - 04:19
Last modified 08-03-2011 - 02:49
Back to Top