Summary
A vulnerability was discovered in ppp, an implementation of the Point-to-Point Protocol: an integer overflow in the routine responsible for parsing user-supplied options potentially allows a local attacker to gain root privileges.
Solution
For the stable distribution (wheezy), this problem has been fixed in version 2.4.5-5.1+deb7u1.
For the upcoming stable distribution (jessie) and unstable distribution (sid), this problem has been fixed in version 2.4.6-3.
We recommend that you upgrade your ppp packages.
Insight
The Point-to-Point Protocol provides a standard way to transmit datagrams over a serial link, as well as a standard way for the machines at either end of the link to negotiate various optional characteristics of the link.
Affected
ppp on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2014-3158
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P