14th Aug 2002 [SBWID-5629]
COMMAND
l2tpd tunneling software bad random in crypt and buffer overflow
SYSTEMS AFFECTED
All versions of l2tpd up to this point
PROBLEM
Jeff Mcadams says :
--snipp--
All versions of l2tpd up to this point used the rand() function to
generate random numbers, but didn't seed rand() with srand() *AT ALL*!
(Hey, I didn't originally write it, folks ;). rand() was used as a
source for random numbers for tunnel, and session ids (which means
that, previously, tunnel and session ids were predictable...not a big
deal), but also for challenge generation in the challenge-response
mechanism (which *IS* a big deal).
--snapp--
Also there is a fix for some off by 6 errors in avp handling in the new
release :
When dealing with the size of the value in an AVP, don't use the length
field of the AVP...at least not without subtracting 6 bytes for the AVP
header...I think there are more places for this to be fixed in the
code...haven't auditted all of the avp handling code for this yet.
--snipp--
SOLUTION
Get version 0.68 from [http://www.l2tpd.org]
TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2025 AOH
