Buffer Overflow Vulnerability in Paul's PPP Package Affecting Multiple Platforms
CVE-2015-3310

Currently unrated

Key Information:

Vendor: Canonical
Status: Ubuntu Linux; Debian Linux
Vendor: CVE Published:; 24 April 2015

Summary

A buffer overflow vulnerability has been identified in the rc_mksid function within the Paul's PPP Package, specifically in versions 2.4.6 and earlier. This weakness arises when the process ID (PID) for pppd exceeds 65535, enabling remote attackers to disrupt service by sending a start accounting message to the RADIUS server. The result can lead to a denial of service, rendering the targeted service inoperable. Organizations using this software must mitigate this risk by applying relevant patches or updates to ensure robust security.

References

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782450

x_refsource_CONFIRM

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

http://www.debian.org/security/2015/dsa-3228

vendor-advisoryx_refsource_DEBIAN

Timeline

Vulnerability published
Apr 24, 2015
Vulnerability Reserved
Apr 16, 2015