Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Linux :: General :: lnx5629.htm

l2tpd tunneling software bad random in crypt and buffer overflow



14th Aug 2002 [SBWID-5629]
COMMAND

	l2tpd tunneling software bad random in crypt and buffer overflow

SYSTEMS AFFECTED

	All versions of l2tpd up to this point

PROBLEM

	Jeff Mcadams says :
	

	--snipp--
	

	All versions of l2tpd up to this  point  used  the  rand()  function  to
	generate random numbers, but didn't seed rand() with srand()  *AT  ALL*!
	(Hey, I didn't originally write it, folks  ;).  rand()  was  used  as  a
	source for random numbers for  tunnel,  and  session  ids  (which  means
	that, previously, tunnel and session ids were  predictable...not  a  big
	deal), but also  for  challenge  generation  in  the  challenge-response
	mechanism (which *IS* a big deal).
	

	--snapp--
	

	Also there is a fix for some off by 6 errors in avp handling in the  new
	release :
	

	When dealing with the size of the value in an AVP, don't use the  length
	field of the AVP...at least not without subtracting 6 bytes for the  AVP
	header...I think there are more places for  this  to  be  fixed  in  the
	code...haven't auditted all of the avp handling code for this yet.
	

	--snipp--

SOLUTION

	Get version 0.68 from [http://www.l2tpd.org]


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH