{"vuid":"VU#673993","idnumber":"673993","name":"PopTop PPTP Server contains buffer overflow in \"ctrlpacket.c\"","keywords":["PoPToP PPTP Server","buffer overflow","ctrlpacket.c","length"],"overview":"There is a remotely exploitable buffer overflow in PopTop. An exploit for this vulnerability exists and is publicly available.","clean_desc":"From the PopTop web site: PopToP is the PPTP server solution for Linux (ports exist for Solaris 2.6, OpenBSD and FreeBSD and others). A buffer overflow exists in ctrlpacket.c, which is used to control message packet reading, formatting, and writing. For further technical details, please see the original report.","impact":"A remote attacker may be able to crash the PPTP server or execute arbitrary code with the privileges of the PopTop server.","resolution":"Upgrade to the latest version of PopTop.","workarounds":"","sysaffected":"","thanks":"This vulnerability was discovered by Timo Sirainen.","author":"This document was written by Ian A Finlay.","public":["http://opensource.lineo.com/cgi-bin/cvsweb/~checkout~/poptop/ctrlpacket.c?rev=1.1.1.1&content-type=text/plain&sortby=file","http://sourceforge.net/mailarchive/forum.php?thread_id=1947395&forum_id=8250","http://marc.theaimsgroup.com/?l=bugtraq&m=105068728421160&w=2","http://marc.theaimsgroup.com/?l=bugtraq&m=105154539727967&w=2","http://www.poptop.org/"],"cveids":["CVE-2003-0213"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2003-04-10T14:00:41Z","publicdate":"2003-04-09T00:00:00Z","datefirstpublished":"2003-04-29T17:06:04Z","dateupdated":"2003-05-01T13:53:06Z","revision":9,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"20","cam_exploitation":"0","cam_internetinfrastructure":"17","cam_population":"5","cam_impact":"20","cam_easeofexploitation":"20","cam_attackeraccessrequired":"20","cam_scorecurrent":"27.75","cam_scorecurrentwidelyknown":"27.75","cam_scorecurrentwidelyknownexploited":"42.75","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":27.75,"vulnote":null}