l2tpd < 0.68 Multiple Vulnerabilities

High Nessus Plugin ID 11388

Synopsis

The remote host is running a network tunneling application that is affected by multiple vulnerabilities.

Description

The remote host is running a version of l2tpd prior to 0.67.

This version is vulnerable to a buffer overflow that could allow an attacker to gain a root shell on this host.

In addition, this program does not initialize its random number generator. Therefore, an attacker may predict some key values and hijack L2TP sessions established to this host.

Solution

Upgrade to l2tpd 0.68 or later.

Plugin Details

Severity: High

ID: 11388

File Name: l2tpd_overflow.nasl

Version: 1.20

Type: remote

Family: Gain a shell remotely

Published: 2003/03/14

Updated: 2018/07/12

Dependencies: 11387

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2004/04/09

Reference Information

CVE: CVE-2002-0872, CVE-2002-0873

BID: 5451

DSA: 152