On 12/04/15 13:20, Emanuele Rocca wrote:
On systems with more than 65535 processes running, pppd aborts when
sending a start accounting message to the RADIUS server because of a
buffer overflow in rc_mksid.
The process id is used in rc_mksid to generate a pseudo-unique string,
assuming that
Control: retitle -1 ppp: CVE-2015-3310: Buffer overflow in radius plugin
Hi
This issue has been assigned CVE-2015-3310.
Regards,
Salvatore
NMU diff attached.
diff -Nru ppp-2.4.6/debian/changelog ppp-2.4.6/debian/changelog
--- ppp-2.4.6/debian/changelog 2014-10-19 11:56:12.0 +0200
+++ ppp-2.4.6/debian/changelog 2015-04-14 08:29:42.0 +0200
@@ -1,3 +1,16 @@
+ppp (2.4.6-3.1) unstable; urgency=high
+
+ * Non-maintainer
On 14/04/2015 07:48, Emanuele Rocca wrote:
NMU diff attached.
ppp_2.4.6-3.1-nmu.diff
diff -Nru ppp-2.4.6/debian/patches/rc_mksid-no-buffer-overflow
ppp-2.4.6/debian/patches/rc_mksid-no-buffer-overflow
--- ppp-2.4.6/debian/patches/rc_mksid-no-buffer-overflow 1970-01-01
Hi Roger,
On 14/04 12:13, Roger Lynn wrote:
On 14/04/2015 07:48, Emanuele Rocca wrote:
+--- ppp-2.4.6.orig/pppd/plugins/radius/util.c
ppp-2.4.6/pppd/plugins/radius/util.c
+@@ -77,7 +77,7 @@ rc_mksid (void)
+ static unsigned short int cnt = 0;
+ sprintf (buf, %08lX%04X%02hX,
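Review bot: the sprintf call in rc_mksid, visible in this hunk's context, writes into buf with no length limit, and the widths in %08lX%04X%02hX are minimums, so any argument wider than its field still lengthens the output. Whatever the changed line does to the arguments, I would also switch the call to snprintf with the size of buf, so that a future change to the arguments truncates rather than overruns.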
Correction: the bug occurs if pppd's pid is greater than 65535. The number of
running processes is irrelevant.
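The point of this correction, as an added example that is not code from the thread or from ppp: `%04X` sets a minimum width only, so a pid above 65535 makes the format string quoted above produce 15 characters instead of 14. The 15-byte buffer size, the sample timestamp and both function names are assumptions, and the masking shown is one possible bound, not necessarily what the attached patch does.

```c
#include <stdio.h>
#include <string.h>

#define SID_BUF_LEN 15 /* assumed: 8 + 4 + 2 hex digits plus the NUL */

/* Number of characters (NUL excluded) the format string needs for these
 * inputs. snprintf(NULL, 0, ...) only measures; nothing is written. */
int sid_len_needed(unsigned long now, unsigned int pid, unsigned short cnt)
{
    return snprintf(NULL, 0, "%08lX%04X%02hX",
                    now, pid, (unsigned short)(cnt & 0xFF));
}

/* Bounded variant: every field is masked to the width its format implies
 * and the write is capped at buflen. Returns 0 on success, -1 if the
 * output did not fit. */
int mksid_bounded(char *buf, size_t buflen, unsigned long now,
                  unsigned int pid, unsigned short cnt)
{
    int n = snprintf(buf, buflen, "%08lX%04X%02hX",
                     now & 0xFFFFFFFFUL,   /* at most 8 hex digits */
                     pid & 0xFFFFu,        /* at most 4 hex digits */
                     (unsigned short)(cnt & 0xFF));
    return (n >= 0 && (size_t)n < buflen) ? 0 : -1;
}

int main(void)
{
    unsigned long now = 0x552CB1A6UL; /* constructed sample timestamp */
    char buf[SID_BUF_LEN];

    /* pid 65535 fits in 14 characters; pid 65536 needs 15 plus the NUL. */
    printf("pid 65535 needs %d chars\n", sid_len_needed(now, 65535u, 0));
    printf("pid 65536 needs %d chars\n", sid_len_needed(now, 65536u, 0));

    if (mksid_bounded(buf, sizeof buf, now, 65536u, 1) == 0)
        printf("bounded id: %s\n", buf);
    return 0;
}
```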
Package: ppp
Version: 2.4.6-3
Severity: important
Tags: patch
On systems with more than 65535 processes running, pppd aborts when
sending a start accounting message to the RADIUS server because of a
buffer overflow in rc_mksid.
The process id is used in rc_mksid to generate a pseudo-unique