CVE-2003-0213

Published: 12/05/2003 Updated: 18/10/2016
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 775
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

ctrlpacket.c in PoPToP PPTP server prior to 1.1.4-b3 allows remote malicious users to cause a denial of service via a length field of 0 or 1, which causes a negative value to be fed into a read operation, leading to a buffer overflow.
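The length-field failure mode described in the summary, shown beside a checked framing routine. This is an added example, not code from ctrlpacket.c or the PoPToP project. The function names, the status codes, the in-memory `stream` standing in for the socket, and the assumption that the reader subtracts the 2 bytes of the Length field it has already consumed are all illustrative.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LEN_FIELD_BYTES 2u /* PPTP packets begin with a 16-bit big-endian Length field */
enum pkt_status { PKT_OK = 0, PKT_SHORT = -1, PKT_BAD_LENGTH = -2 };

/* Unchecked arithmetic (assumed pattern): bytes still to read = length minus
 * bytes already read. For length 0 or 1 this is negative, and as the size_t
 * count passed to read() it becomes a huge value. Nothing is copied here. */
size_t unchecked_remaining(uint16_t length)
{
    return (size_t)((int)length - (int)LEN_FIELD_BYTES);
}

/* Checked framing: validate Length against the bytes already consumed and
 * the destination size before copying. `stream` stands in for the socket;
 * on PKT_OK, `out` holds the packet and *pkt_len its total length. */
int read_ctrl_packet(const uint8_t *stream, size_t avail,
                     uint8_t *out, size_t out_size, size_t *pkt_len)
{
    if (avail < LEN_FIELD_BYTES)
        return PKT_SHORT;
    uint16_t length = (uint16_t)((stream[0] << 8) | stream[1]);
    if (length < LEN_FIELD_BYTES || length > out_size)
        return PKT_BAD_LENGTH;   /* rejects 0, 1 and oversized values */
    if (avail < length)
        return PKT_SHORT;        /* rest of the packet has not arrived */
    memcpy(out, stream, length);
    *pkt_len = length;
    return PKT_OK;
}

int main(void)
{
    /* Constructed sample headers: Length = 0, 1 and 4. */
    const uint8_t samples[3][4] = { {0, 0, 0xAA, 0xBB}, {0, 1, 0xAA, 0xBB}, {0, 4, 0xAA, 0xBB} };
    uint8_t out[64];
    for (size_t i = 0; i < 3; i++) {
        size_t n = 0;
        unsigned len = (unsigned)((samples[i][0] << 8) | samples[i][1]);
        int rc = read_ctrl_packet(samples[i], 4, out, sizeof out, &n);
        printf("length=%u status=%d unchecked_count=%zu\n",
               len, rc, unchecked_remaining((uint16_t)len));
    }
    return 0;
}
```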

Vulnerable Product

poptop pptp server 1.0.1

poptop pptp server 1.1.2

poptop pptp server 1.1.3

poptop pptp server 1.1.3_2002-10-09

poptop pptp server 1.1.4b1

poptop pptp server 1.1.4b2

Vendor Advisories

Timo Sirainen discovered a vulnerability in pptpd, a Point to Point Tunneling Server, which implements PPTP-over-IPSEC and is commonly used to create Virtual Private Networks (VPN). By specifying a small packet length an attacker is able to overflow a buffer and execute code under the user id that runs pptpd, probably root. An exploit for this prob ...

Exploits

/*
 * exploit for a recently discovered vulnerability in PoPToP
 * PPTP server under Linux. Versions affected are all prior to
 * 1.1.4-b3 and 1.1.3-20030409.
 * The exploit is capable of bruteforcing the RET address to find our
 * buffer in the stack. Upon a successful run it brings up a reverse
 * shell with privileges of the pptpd daemon (typi ...

##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
  include Ms ...

##
# $Id: poptop_negative_read.rb 11114 2010-11-23 18:12:08Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# metasploit.com/framework/
##
require 'msf/core' ...

source: www.securityfocus.com/bid/7316/info
A buffer-overflow vulnerability has been discovered in PoPToP PPTP. The problem occurs because the software fails to do sufficient sanity checks when referencing user-supplied input used in various calculations. As a result, an attacker may be able to trigger a condition that would corrupt sensiti ...

/*
 * Fixed Exploit against PoPToP in Linux (poptop-sane.c)
 * /r4nc0rwh0r3 of blightninjas (blightninjas@hushmail.com)
 *
 * blightninjas: bringing pain, suffering, and humiliation to the security world
 * Expect more great release like helloworld-annotated.c and
 * cd explained whitepaper, we are working hard in da underground
 *
 * Other Editio ...