PoPToP PPTP ctrlpacket.c Negative Read Remote Overflow

Critical Nessus Plugin ID 11540


Arbitrary code may be run on the remote server.


The remote PPTP server has a remote buffer overflow vulnerability. The problem occurs due to insufficient sanity checks on user-supplied input that is used in various calculations. As a result, it may be possible for an attacker to trigger a condition where sensitive memory can be corrupted. Successful exploitation of this issue may allow an attacker to execute arbitrary code with the privileges of the affected server.


The vendor has released updated versions of the PPTP server that address this issue. Users are advised to upgrade as soon as possible.

Plugin Details

Severity: Critical

ID: 11540

File Name: poptop_negative_read.nasl

Version: $Revision: 1.22 $

Type: remote

Published: 2003/04/16

Modified: 2012/12/17

Dependencies: 10622

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:poptop:pptp_server

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2003/04/09

Exploitable With

Metasploit (Poptop Negative Read Overflow)

Reference Information

CVE: CVE-2003-0213

BID: 7316

OSVDB: 3293

SuSE: SUSE-SA:2003:029