Bugtraq mailing list archives
DoS vulnerability in rp-pppoe versions <= 2.4
From: "David F. Skoll" <dfs () ROARINGPENGUIN COM>
Date: Mon, 11 Dec 2000 08:50:38 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 There is a denial-of-service vulnerability in rp-pppoe versions up to 2.4. rp-pppoe is a user-space PPPoE client for a bunch of UNIXes and Linux, used by many residential ADSL customers. If you use the "Clamp MSS" option and someone crafts a TCP packet with an (illegal) "zero-length" option, rp-pppoe will fall into an endless loop. Eventually, the PPP daemon should time out and kill the connection. Solution: Upgrade to rp-pppoe 2.5 at http://www.roaringpenguin.com/pppoe/. If you cannot upgrade quickly, do not use the "Clamp MSS" option until you can upgrade. Thanks to Robert Schlabbach for reporting this vulnerability to me. - -- David F. Skoll Roaring Penguin Software Inc. | http://www.roaringpenguin.com GPG fingerprint: 50B4 FA66 CE95 E456 CD8F 96C9 E64D 185C 6646 68E0 GPG public key: http://www.roaringpenguin.com/dskoll-key.txt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: pgpenvelope 2.9.0 - http://pgpenvelope.sourceforge.net/ iD8DBQE6NNu15k0YXGZGaOARAlaeAKDTRgTIPoUstrVD//vYEd2oJj9CrgCfQfab RYrUHNcfytaeNCg0Y3neWZQ= =rjQt -----END PGP SIGNATURE-----
Current thread:
- DoS vulnerability in rp-pppoe versions <= 2.4 David F. Skoll (Dec 12)