Remote buffer overflow vulnerability in PPP 'rc _ mksid () 'function
Remote buffer overflow vulnerability in PPP 'rc _ mksid () 'function
Release date:
Updated on:
Affected Systems:
Linux pppd
Description:
Bugtraq id: 74163
CVE (CAN) ID: CVE-2015-3310
PPP is a data connection protocol for establishing point-to-point direct connections.
The radius plug-in rc_mksid () of PPP has the buffer overflow vulnerability. Remote attackers can exploit this vulnerability to cause pppd to crash. This vulnerability occurs when the RADIUS plug-in processes the "start" billing message, and the pppd process PID is greater than 65535.
<* Source: Emanuele Rocca
*>
Suggestion:
Vendor patch:
Linux
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://linux.die.net/man/8/pppd
This article permanently updates the link address: