Linux Kernel "pppol2tp_recvmsg()" Memory Corruption Vulnerability

[praka123]

Linux Kernel "pppol2tp_recvmsg()" Memory Corruption Vulnerability
Secunia Advisory: SA30719 Release Date: 2008-06-16
Critical: *secunia.com/gfx/crit_2.gif
Less critical Impact: DoS
Where: From local network
Solution Status: Vendor Workaround
OS:Linux Kernel 2.6.x







Description:
A vulnerability has been reported in the Linux Kernel, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a boundary error in the "pppol2tp_recvmsg()" function and can potentially be exploited to corrupt kernel memory via a specially crafted PPP over L2TP packet.

The vulnerability is reported in 2.6.x versions prior to 2.6.26-rc6.

Solution:
Use PPP over L2TP in trusted networks only.

Fixed in version 2.6.26-rc6.

Provided and/or discovered by:
The vendor credits Ilja of Netric.

Original Advisory:
*kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.26-rc6

*git.kernel.org/?p=linux/kernel...707a50c7598a83820077393f8823ab791abf8

*secunia.com/advisories/30719/

 

[MetalheadGautham]

DoS can't happen if you set your firewall up properly for home systems.
I use KMyFirewall, a GUI for IPTables, and I configured it so that it always limits the number of incomming connections, and at most times even disabling them.

 

[unni]

The thread title scared me. Thanks for sharing the info.