Message-ID: <20070514231359.GK20826@outflux.net>
Date: Mon, 14 May 2007 16:13:59 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-459-1] pptpd vulnerability

=========================================================== 
Ubuntu Security Notice USN-459-1               May 14, 2007
pptpd vulnerability
CVE-2007-0244
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  pptpd                                    1.2.3-1ubuntu0.1

Ubuntu 6.10:
  pptpd                                    1.3.0-1ubuntu1.1

Ubuntu 7.04:
  pptpd                                    1.3.0-2ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

A flaw was discovered in the PPTP tunnel server. Remote attackers could 
send a specially crafted packet and disrupt established PPTP tunnels, 
leading to a denial of service.


