Linux Kernel "pppol2tp_recvmsg()" Memory Corruption Vulnerability

[praka123]

Quote:

Linux Kernel "pppol2tp_recvmsg()" Memory Corruption Vulnerability
Secunia Advisory: SA30719 Release Date: 2008-06-16
Critical:
Less critical Impact: DoS
Where: From local network
Solution Status: Vendor Workaround
OS:Linux Kernel 2.6.x







Description:
A vulnerability has been reported in the Linux Kernel, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a boundary error in the "pppol2tp_recvmsg()" function and can potentially be exploited to corrupt kernel memory via a specially crafted PPP over L2TP packet.

The vulnerability is reported in 2.6.x versions prior to 2.6.26-rc6.

Solution:
Use PPP over L2TP in trusted networks only.

Fixed in version 2.6.26-rc6.

Provided and/or discovered by:
The vendor credits Ilja of Netric.

Original Advisory:
http://kernel.org/pub/linux/kernel/v...Log-2.6.26-rc6

http://git.kernel.org/?p=linux/kernel...707a50c7598a83820077393f8823ab791abf8

http://secunia.com/advisories/30719/

[MetalheadGautham]

DoS can't happen if you set your firewall up properly for home systems.
I use KMyFirewall, a GUI for IPTables, and I configured it so that it always limits the number of incomming connections, and at most times even disabling them.

[unni]

The thread title scared me. Thanks for sharing the info.