l2tpd < 0.68 Multiple Vulnerabilities

This script is Copyright (C) 2003-2013 Tenable Network Security, Inc.


Synopsis :

The remote host is running a network tunneling application that is
affected by multiple vulnerabilities.

Description :

The remote host is running a version of l2tpd prior to 0.67.

This version is vulnerable to a buffer overflow that could allow an
attacker to gain a root shell on this host.

In addition, this program does not initialize its random number
generator. Therefore, an attacker may predict some key values and
hijack L2TP sessions established to this host.

Solution :

Upgrade to l2tpd 0.68 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.5
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Gain a shell remotely

Nessus Plugin ID: 11388 (l2tpd_overflow.nasl)

Bugtraq ID: 5451

CVE ID: CVE-2002-0872
CVE-2002-0873