Main Vulnerability Database SB2015051903

SB2015051903 - Buffer overflow in ppp (Alpine package)

Published: May 19, 2015

Security Bulletin ID SB2015051903

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Partial DoS

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Buffer overflow (CVE-ID: CVE-2015-3310)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a denial of service (crash) via a start accounting message to the RADIUS server.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=cdde228e6b00100b249dad0747188e3d48a784c6
https://git.alpinelinux.org/aports/commit/?id=ecf1daf475f163d39ae2f3b07222ae9734de6e38
https://git.alpinelinux.org/aports/commit/?id=fc021a03ac152ad0bd4a89405c5f6ce0fc63fb34