PoPToP PPTP ctrlpacket.c Negative Read Remote Overflow
Critical Nessus Plugin ID 11540
SynopsisArbitrary code may be run on the remote server.
DescriptionThe remote PPTP server has remote buffer overflow vulnerability. The problem occurs due to insufficient sanity checks when referencing user-supplied input used in various calculations. As a result, it may be possible for an attacker to trigger a condition where sensitive memory can be corrupted. Successful exploitation of this issue may allow an attacker to execute arbitrary code with the privileges of the affected server.
SolutionThe vendor has released updated releases of PPTP server that address this issue. Users are advised to upgrade as soon as possible.