l2tpd < 0.68 Multiple Vulnerabilities
High Nessus Plugin ID 11388
SynopsisThe remote host is running a network tunneling application that is affected by multiple vulnerabilities.
DescriptionThe remote host is running a version of l2tpd prior to 0.67.
This version is vulnerable to a buffer overflow that could allow an attacker to gain a root shell on this host.
In addition, this program does not initialize its random number generator. Therefore, an attacker may predict some key values and hijack L2TP sessions established to this host.
SolutionUpgrade to l2tpd 0.68 or later.