Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Unix :: General :: rppppo-1.htm

Rp-pppoe up to 2.4 remotely triggerable endless loop



    rp-pppoe versions <= 2.4


    Robert Schlabbach found  following.   There is a denial-of-service
    vulnerability  in  rp-pppoe  versions  up  to  2.4.  rp-pppoe is a
    user-space PPPoE client for a  bunch of UNIXes and Linux,  used by
    many residential ADSL customers.

    If you use the "Clamp MSS" option and someone crafts a TCP  packet
    with an  (illegal) "zero-length"  option, rp-pppoe  will fall into
    an endless loop.  Eventually,  the PPP daemon should time  out and
    kill the connection.


    Upgrade to rp-pppoe 2.5 at

    If you cannot upgrade quickly,  do not use the "Clamp  MSS" option
    until you can upgrade.

    For Linux-Mandrake:

        Linux-Mandrake 7.1: 7.1/RPMS/rp-pppoe-2.5-2.1mdk.i586.rpm
        Linux-Mandrake 7.2: 7.2/RPMS/rp-pppoe-2.5-2.2mdk.i586.rpm

    For Red Hat:

    For Conectiva Linux:

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH