
[Full-disclosure] [USN-459-2] pptpd regression

Subject: [Full-disclosure] [USN-459-2] pptpd regression
Date: Mon, 21 May 2007 14:22:09 -0700
=========================================================== 
Ubuntu Security Notice USN-459-2               May 21, 2007
pptpd vulnerabilities
https://launchpad.net/bugs/115448
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  bcrelay                                  1.2.3-1ubuntu0.2
  pptpd                                    1.2.3-1ubuntu0.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-459-1 fixed vulnerabilities in pptpd.  However, a portion of the fix 
caused a regression in session establishment under Dapper for certain 
PPTP clients.  This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 A flaw was discovered in the PPTP tunnel server. Remote attackers could 
 send a specially crafted packet and disrupt established PPTP tunnels, 
 leading to a denial of service.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.2.3-1ubuntu0.2.diff.gz
      Size/MD5:     9454 2d77f7325b22f11bc934caae910d6235
    http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.2.3-1ubuntu0.2.dsc
      Size/MD5:      597 99180d1dd8b3fb5d18f200bcec669beb
    http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.2.3.orig.tar.gz
      Size/MD5:   185721 a521e40ca304b0c125cc25f9b9d03324

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/bcrelay_1.2.3-1ubuntu0.2_amd64.deb
      Size/MD5:    20470 3f21f2728e3ea23ee38316f5441d6d8d
    http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.2.3-1ubuntu0.2_amd64.deb
      Size/MD5:    56676 b87a21300d9010e1a4bd38dfcc72963d

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/bcrelay_1.2.3-1ubuntu0.2_i386.deb
      Size/MD5:    19702 79dec9218e4c44ce9ab75ceb609494ff
    http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.2.3-1ubuntu0.2_i386.deb
      Size/MD5:    54228 0801f14c705396544b024417a9edd53a

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/bcrelay_1.2.3-1ubuntu0.2_powerpc.deb
      Size/MD5:    20368 d2e318aa804d06c3a9fa84f17d0a582c
    http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.2.3-1ubuntu0.2_powerpc.deb
      Size/MD5:    58308 52095cfefa517a7e6fa22bdf4d6a148e

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/bcrelay_1.2.3-1ubuntu0.2_sparc.deb
      Size/MD5:    20142 61d2f4e9a005ab87646006fc12fe9d72
    http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.2.3-1ubuntu0.2_sparc.deb
      Size/MD5:    54602 d6ff36cf5d38e0c453941f89559b09f2


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
  • [Full-disclosure] [USN-459-2] pptpd regression, Kees Cook <=
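
Added example, not part of the original advisory or of any Ubuntu tooling: a parser for the "URL / Size/MD5:" package listing used above, which checks downloaded bytes against the listed size and MD5 and tolerates the URL being wrapped onto its own line. The host, file names and file contents are constructed for the example, and the function names are hypothetical.

```python
import hashlib
import re

# Constructed sample files (hypothetical names and contents, not real packages).
SAMPLE_FILES = {
    "demo_1.0_i386.deb": b"constructed package bytes\n",
    "demo_1.0_amd64.deb": b"other constructed bytes\n",
}

def build_sample_listing(files):
    """Render files in the advisory's layout, with each URL wrapped onto its own line."""
    out = []
    for name, data in files.items():
        out.append("    ")
        out.append("http://example.invalid/pool/" + name)  # constructed host
        out.append("      Size/MD5:  %7d %s" % (len(data), hashlib.md5(data).hexdigest()))
    return "\n".join(out)

# A URL, any whitespace (including a line break), then the size and a 32-hex MD5.
ENTRY = re.compile(r"(https?://\S+)\s+Size/MD5:\s+(\d+)\s+([0-9a-f]{32})\b")

def parse_listing(text):
    """Return {file name: (size, md5)} for every entry found in the listing."""
    return {url.rsplit("/", 1)[1]: (int(size), md5)
            for url, size, md5 in ENTRY.findall(text)}

def verify(name, data, manifest):
    """Classify downloaded bytes against the manifest entry for that file name."""
    if name not in manifest:
        return "not-listed"      # never treat an unlisted file as verified
    size, md5 = manifest[name]
    if len(data) != size:
        return "size-mismatch"   # cheap check first: truncated or padded download
    if hashlib.md5(data).hexdigest() != md5:
        return "md5-mismatch"    # same length, different content
    return "ok"

if __name__ == "__main__":
    manifest = parse_listing(build_sample_listing(SAMPLE_FILES))
    for name, data in SAMPLE_FILES.items():
        print(name, verify(name, data, manifest))
    # Simulate a corrupted download of the first file.
    print(verify("demo_1.0_i386.deb", b"X" + SAMPLE_FILES["demo_1.0_i386.deb"][1:], manifest))
```

The MD5 comparison only confirms that a file matches what this advisory lists; the advisory's digital signature and apt's signed repository metadata are what establish that the listing itself is authentic.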