Summary
The remote host is missing an update to pptpd
announced via advisory DSA 1288-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201288-1
Insight
It was discovered that the PoPToP Point to Point Tunneling Server contains a programming error, which allows the tear-down of a PPTP connection through a malformed GRE packet, resulting in denial of service.
The oldstable distribution (sarge) is not affected by this problem.
For the stable distribution (etch) this problem has been fixed in version 1.3.0-2etch1.
For the unstable distribution (sid) this problem has been fixed in version 1.3.4-1.
We recommend that you upgrade your pptpd packages.
Severity
Classification
-
CVE CVE-2007-0244 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities