Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 23 Jun 2008 15:22:38 -0400 (EDT)
From: "Steven M. Christey" <>
Subject: Re: query on a pppol2tp_recvmsg() fix - security

Name: CVE-2008-2750
Status: Candidate
Reference: CONFIRM:;a=commit;h=6b6707a50c7598a83820077393f8823ab791abf8
Reference: CONFIRM:
Reference: BID:29747
Reference: URL:
Reference: FRSIRT:ADV-2008-1854
Reference: URL:
Reference: SECTRACK:1020297
Reference: URL:
Reference: SECUNIA:30719
Reference: URL:
Reference: XF:linux-kernel-pppol2tprecvmsg-dos(43111)
Reference: URL:

The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the Linux
kernel 2.6 before 2.6.26-rc6 allows remote attackers to cause a denial
of service (kernel heap memory corruption and system crash) and
possibly have unspecified other impact via a crafted PPPOL2TP packet
that results in a large value for a certain length variable.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.