[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Qube3 VPN Vulnerability

Subject: [cobalt-security] Qube3 VPN Vulnerability
From: Malcolm McLeary <mmcleary@xxxxxxx>
Date: Mon, 12 Jan 2004 08:26:34 +1100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hi Guys,

The version of pptpd running on a Qube3 is quite old.  There is a known
vulnerability;

PoPToP PPTP Negative read() Argument Remote Buffer Overflow Vulnerability

bugtraq id     7316

Which affects all versions up to 1.1.3.  The Qube3 is apparently running
1.0.1.  Having said that, Sun did release a security update which included
an update to pptpd ... is it likely that they back ported the patch such
that although the version is old its not vulnerable?

Cheers,  Malcolm

Prev by Date: [cobalt-security] Cobalt security resource location (automatic reminder)
Next by Date: [cobalt-security] /etc/mail/access file being ignored
Previous by thread: [cobalt-security] Re: Is there a FAQ? or other resources for a Cobalt Qube 2??
Next by thread: [cobalt-security] /etc/mail/access file being ignored

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index