TUCoPS :: Unix :: General

TUCoPS :: Unix :: General :: rppppo-1.htm
Rp-pppoe up to 2.4 remotely triggerable endless loop
Vulnerability

    rp-pppoe

Affected

    rp-pppoe versions <= 2.4

Description

    Robert Schlabbach found  following.   There is a denial-of-service
    vulnerability  in  rp-pppoe  versions  up  to  2.4.  rp-pppoe is a
    user-space PPPoE client for a  bunch of UNIXes and Linux,  used by
    many residential ADSL customers.

    If you use the "Clamp MSS" option and someone crafts a TCP  packet
    with an  (illegal) "zero-length"  option, rp-pppoe  will fall into
    an endless loop.  Eventually,  the PPP daemon should time  out and
    kill the connection.

Solution

    Upgrade to rp-pppoe 2.5 at

        http://www.roaringpenguin.com/pppoe/

    If you cannot upgrade quickly,  do not use the "Clamp  MSS" option
    until you can upgrade.

    For Linux-Mandrake:

        Linux-Mandrake 7.1: 7.1/RPMS/rp-pppoe-2.5-2.1mdk.i586.rpm
                            7.1/SRPMS/rp-pppoe-2.5-2.1mdk.src.rpm
        Linux-Mandrake 7.2: 7.2/RPMS/rp-pppoe-2.5-2.2mdk.i586.rpm
                            7.2/SRPMS/rp-pppoe-2.5-2.2mdk.src.rpm

    For Red Hat:

        ftp://updates.redhat.com/7.0/alpha/rp-pppoe-2.5-1.alpha.rpm
        ftp://updates.redhat.com/7.0/i386/rp-pppoe-2.5-1.i386.rpm
        ftp://updates.redhat.com/7.0/SRPMS/rp-pppoe-2.5-1.src.rpm

    For Conectiva Linux:

        ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/rp-pppoe-2.5-1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/rp-pppoe-2.5-1cl.i386.rpm