[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] Qube3 VPN Vulnerability
- Subject: [cobalt-security] Qube3 VPN Vulnerability
- From: Malcolm McLeary <mmcleary@xxxxxxx>
- Date: Mon, 12 Jan 2004 08:26:34 +1100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Guys,
The version of pptpd running on a Qube3 is quite old. There is a known
vulnerability;
PoPToP PPTP Negative read() Argument Remote Buffer Overflow Vulnerability
bugtraq id 7316
Which affects all versions up to 1.1.3. The Qube3 is apparently running
1.0.1. Having said that, Sun did release a security update which included
an update to pptpd ... is it likely that they back ported the patch such
that although the version is old its not vulnerable?
Cheers, Malcolm