Rp-pppoe up to 2.4 remotely triggerable endless loop
Vulnerability
 rp-pppoe
Affected
 rp-pppoe versions <= 2.4
Description
 Robert Schlabbach found the following. There is a denial-of-service
 vulnerability in rp-pppoe versions up to 2.4. rp-pppoe is a
 user-space PPPoE client for a bunch of UNIXes and Linux, used by
 many residential ADSL customers.
 If you use the "Clamp MSS" option and someone crafts a TCP packet
 with an (illegal) "zero-length" option, rp-pppoe will fall into
 an endless loop. Eventually, the PPP daemon should time out and
 kill the connection.
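 The failure mode described above, as an added example (not rp-pppoe's own code): a TCP options walk for MSS clamping that rejects an option whose length byte is below 2 instead of looping on it. The function name, return codes and the max_mss parameter are assumptions of this example, and TCP checksum fix-up is omitted.

```c
#include <stddef.h>
#include <stdint.h>

#define TCPOPT_EOL 0
#define TCPOPT_NOP 1
#define TCPOPT_MSS 2

/* Return codes; the names are this example's own. */
enum { OPTS_OK = 0, OPTS_CLAMPED = 1, OPTS_MALFORMED = -1 };

/*
 * Walk the TCP options area opts[0..optlen) and lower any MSS option
 * above max_mss. Checksum fix-up is omitted to keep the focus on the walk.
 */
int clamp_mss_options(uint8_t *opts, size_t optlen, uint16_t max_mss)
{
    int result = OPTS_OK;
    size_t i = 0;

    while (i < optlen) {
        uint8_t kind = opts[i];
        if (kind == TCPOPT_EOL)
            break;                  /* end of option list */
        if (kind == TCPOPT_NOP) {
            i++;                    /* single-byte padding option */
            continue;
        }
        if (optlen - i < 2)
            return OPTS_MALFORMED;  /* no room for the length byte */
        uint8_t len = opts[i + 1];
        /*
         * The length counts the kind and length bytes, so it is at least 2.
         * Without this check a length of 0 leaves i unchanged and the loop
         * never terminates.
         */
        if (len < 2 || len > optlen - i)
            return OPTS_MALFORMED;
        if (kind == TCPOPT_MSS && len == 4) {
            uint16_t mss = (uint16_t)((opts[i + 2] << 8) | opts[i + 3]);
            if (mss > max_mss) {
                opts[i + 2] = (uint8_t)(max_mss >> 8);
                opts[i + 3] = (uint8_t)(max_mss & 0xff);
                result = OPTS_CLAMPED;
            }
        }
        i += len;
    }
    return result;
}
```

 A caller that gets OPTS_MALFORMED should leave the packet alone or drop it rather than continue parsing.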
Solution
 Upgrade to rp-pppoe 2.5 at
 http://www.roaringpenguin.com/pppoe/
 If you cannot upgrade quickly, do not use the "Clamp MSS" option
 until you can upgrade.
 For Linux-Mandrake:
 Linux-Mandrake 7.1: 7.1/RPMS/rp-pppoe-2.5-2.1mdk.i586.rpm
 7.1/SRPMS/rp-pppoe-2.5-2.1mdk.src.rpm
 Linux-Mandrake 7.2: 7.2/RPMS/rp-pppoe-2.5-2.2mdk.i586.rpm
 7.2/SRPMS/rp-pppoe-2.5-2.2mdk.src.rpm
 For Red Hat:
 ftp://updates.redhat.com/7.0/alpha/rp-pppoe-2.5-1.alpha.rpm
 ftp://updates.redhat.com/7.0/i386/rp-pppoe-2.5-1.i386.rpm
 ftp://updates.redhat.com/7.0/SRPMS/rp-pppoe-2.5-1.src.rpm
 For Conectiva Linux:
 ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/rp-pppoe-2.5-1cl.src.rpm
 ftp://atualizacoes.conectiva.com.br/6.0/RPMS/rp-pppoe-2.5-1cl.i386.rpm
