USN-12-1: ppp Denial of Service

29 October 2004

ppp Denial of Service

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 4.10

Software Description

Details

It has been discovered that ppp does not properly verify certain data structures used in the CBCP protocol. This vulnerability could allow an attacker to cause the pppd server to crash due to an invalid memory access, leading to a denial of service. However, there is no possibility of code execution or privilege escalation.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 4.10
ppp

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References