[PLDSA 58-1] New pptpd packages fix remote root exploit

Sat May 3 15:47:32 CEST 2003

- --------------------------------------------------------------------------
PLD Security Advisory PLDSA 58-1                       security at pld.org.pl
http://www.pld.org.pl/security/                          PLD Security Team
19 April 2003				http://www.pld.org.pl/security/faq
- --------------------------------------------------------------------------

Package        : prior to pptpd-1.1.3-1
Vulnerability  : buffer overflow
Problem-Type   : remote
PLD-specific   : no

Timo Sirainen discovered a problem in the pptpd - a remote buffer overflow.
The exploit is capable of bruteforcing the RET address to find our
buffer in the stack. Upon a successfull run it brings up a reverse
shell with privileges of the pptpd daemon (typically root)
on the victim server.

The above problems have been fixed in version 1.1.4-1 for the
current stable distribution (ra).

We recommend that you upgrade your pptpd packages.

wget -c url
	will fetch the file for you
rpm -Uhv file(s)*.rpm
        will upgrade the referenced file.

If you are using "poldek" - the package manager, use the line as given below
for upgrade packages

poldek --update
        will update the internal database
poldek --upgrade 'pptpd*'
        will install corrected packages

If you are using "apt" - the package manager, use the line as given below
for upgrade packages

apt-get update
        will update the internal database
apt-get upgrade 'pptpd*'
        will install corrected packages

PLD Linux 1.0 alias ra
- --------------------

  Source archives:

ftp://ftp.pld.org.pl/dists/ra/updates/security/SRPMS/pptpd-1.1.4-1.src.rpm
       MD5 checksum: bc4d1d1455dba81b01af992af78d207e

  I386 Architecture components:

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/pptpd-1.1.4-1.i386.rpm
       MD5 checksum: 03f144c742db05adeb5947d40d69c4d9

  I586 Architecture components:

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/pptpd-1.1.4-1.i586.rpm
       MD5 checksum: 7ede8f8fddca9abee9953b5b60746694

  I686 Architecture components:

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/pptpd-1.1.4-1.i686.rpm
       MD5 checksum: 572fd8eb542e6b9f113361f0f77b560c

  PowerPC Architecture components:

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/pptpd-1.1.4-1.ppc.rpm
       MD5 checksum: 9db4e6e6c533c6262f847128f83bfb70

-
--------------------------------------------------------------------------------
-
If you are using poldek add this line to poldek.conf.
If you are using apt-get add this line to sources.list.

For i386 architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/i386 base updates-security
For i586 architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/i586 base updates-security
For i686 architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/i686 base updates-security
For ppc architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/ppc base updates-security