|Category:||Gain a shell remotely|
|Summary:||Determine if a remote PPTP server has remote buffer overflow vulnerability|
The remote PPTP server has remote buffer overflow vulnerability.
The problem occurs due to insufficient sanity checks when referencing
user-supplied input used in various calculations. As a result, it may
be possible for an attacker to trigger a condition where sensitive
memory can be corrupted. Successful exploitation of this issue may
allow an attacker to execute arbitrary code with the privileges of
the affected server.
Solution : The vendor has released updated releases of
PPTP server which address this issue. Users are advised
to upgrade as soon as possible.
BugTraq ID: 7316|
Common Vulnerability Exposure (CVE) ID: CVE-2003-0213
Bugtraq: 20030409 PoPToP PPTP server remotely exploitable buffer overflow (Google Search)
Bugtraq: 20030418 Exploit for PoPToP PPTP server (Google Search)
Bugtraq: 20030422 Re: Exploit for PoPToP PPTP server - Linux version (Google Search)
Debian Security Information: DSA-295 (Google Search)
SuSE Security Announcement: SuSE-SA:2003:029 (Google Search)
Bugtraq: 20030428 GLSA: pptpd (200304-08) (Google Search)
CERT/CC vulnerability note: VU#673993
|Copyright||This script is Copyright (C) 2003 Xue Yong Zhi|
|This is only one of 40037 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.