| Vulnerability Name: | CVE-2003-0213 (CCN-11756) | ||||||||||||
| Assigned: | 2003-04-09 | ||||||||||||
| Published: | 2003-04-09 | ||||||||||||
| Updated: | 2016-10-18 | ||||||||||||
| Summary: | ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote attackers to cause a denial of service via a length field of 0 or 1, which causes a negative value to be fed into a read operation, leading to a buffer overflow. | ||||||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Wed Apr 09 2003 - 11:19:33 CDT PoPToP PPTP server remotely exploitable buffer overflow Source: MITRE Type: CNA CVE-2003-0213 Source: BUGTRAQ Type: UNKNOWN 20030418 Exploit for PoPToP PPTP server Source: BUGTRAQ Type: UNKNOWN 20030428 GLSA: pptpd (200304-08) Source: CONFIRM Type: UNKNOWN http://sourceforge.net/project/shownotes.php?release_id=138437 Source: DEBIAN Type: Patch, Vendor Advisory DSA-295 Source: DEBIAN Type: DSA-295 pptpd -- buffer overflow Source: CCN Type: US-CERT VU#673993 PopTop PPTP Server contains buffer overflow in ctrlpacket.c Source: CERT-VN Type: US Government Resource VU#673993 Source: CCN Type: Gentoo Linux Security Announcement 200304-08 pptpd buffer overflow Source: SUSE Type: UNKNOWN SuSE-SA:2003:029 Source: CCN Type: OSVDB ID: 3293 PoPToP PPTP ctrlpacket.c Negative Read Remote Overflow Source: CCN Type: PoPToP Web site Poptop - Open Source PPTP Server Source: BUGTRAQ Type: Patch, Vendor Advisory 20030409 PoPToP PPTP server remotely exploitable buffer overflow Source: BUGTRAQ Type: UNKNOWN 20030422 Re: Exploit for PoPToP PPTP server - Linux version Source: BID Type: Exploit, Patch, Vendor Advisory 7316 Source: CCN Type: BID-7316 PoPToP PPTP Negative read() Argument Remote Buffer Overflow Vulnerability Source: XF Type: UNKNOWN poptop-ctrlpacket-packet-bo(11756) Source: CCN Type: metasploit-framework GIT Repopsitory metasploit-framework/poptop_negative_read.rb at master · rapid7/metasploit-framework · GitHub Source: CCN Type: Rapid7 Vulnerability and Exploit Database Poptop Negative Read Overflow Source: SUSE Type: SUSE-SA:2003:029 pptpd: remote code execution | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| Oval Definitions | |||||||||||||
| |||||||||||||
| BACK | |||||||||||||