Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Subject: DoS vulnerability in rp-pppoe versions <= 2.4
From: David F. Skoll (dfsROARINGPENGUIN.COM)
Date: Mon Dec 11 2000 - 07:50:38 CST
- Next message: Greg KH: "Immunix OS Security update for ed"
- Previous message: Max-Wilhelm Bruker: "bftpd 1.0.13"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
-----BEGIN PGP SIGNED MESSAGE-----
There is a denial-of-service vulnerability in rp-pppoe versions up to
2.4. rp-pppoe is a user-space PPPoE client for a bunch of UNIXes and
Linux, used by many residential ADSL customers.
If you use the "Clamp MSS" option and someone crafts a TCP packet with
an (illegal) "zero-length" option, rp-pppoe will fall into an endless loop.
Eventually, the PPP daemon should time out and kill the connection.
Solution: Upgrade to rp-pppoe 2.5 at http://www.roaringpenguin.com/pppoe/.
If you cannot upgrade quickly, do not use the "Clamp MSS" option until you
Thanks to Robert Schlabbach for reporting this vulnerability to me.
David F. Skoll
Roaring Penguin Software Inc. | http://www.roaringpenguin.com
GPG fingerprint: 50B4 FA66 CE95 E456 CD8F 96C9 E64D 185C 6646 68E0
GPG public key: http://www.roaringpenguin.com/dskoll-key.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: pgpenvelope 2.9.0 - http://pgpenvelope.sourceforge.net/
-----END PGP SIGNATURE-----