l2tpd < 0.68 Multiple Vulnerabilities
Severity: High
Nessus Plugin ID: 11388
Synopsis
The remote host is running a network tunneling application that is affected by multiple vulnerabilities.
Description
The remote host is running a version of l2tpd prior to 0.67.
This version is vulnerable to a buffer overflow that could allow an attacker to gain a root shell on this host.
In addition, this program does not initialize its random number generator. Therefore, an attacker may predict some key values and hijack L2TP sessions established to this host.
Solution
Upgrade to l2tpd 0.68 or later.