GLSA-200407-17 : l2tpd: Buffer overflow

Critical Nessus Plugin ID 14550


The remote Gentoo host is missing one or more security-related patches.


The remote host is affected by the vulnerability described in GLSA-200407-17 (l2tpd: Buffer overflow)

Thomas Walpuski discovered a buffer overflow that may be exploitable by sending a specially crafted packet. In order to exploit the vulnerable code, an attacker would need to fake the establishment of an L2TP tunnel.
Impact :

A remote attacker may be able to execute arbitrary code with the privileges of the user running l2tpd.
Workaround :

There is no known workaround for this vulnerability.


All users are recommended to upgrade to the latest stable version:
# emerge sync # emerge -pv '>=net-l2tpd-0.69-r2' # emerge '>=net-l2tpd-0.69-r2'

See Also

Plugin Details

Severity: Critical

ID: 14550

File Name: gentoo_GLSA-200407-17.nasl

Version: $Revision: 1.13 $

Type: local

Published: 2004/08/30

Modified: 2015/04/13

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:l2tpd, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 2004/07/22

Vulnerability Publication Date: 2004/06/07

Reference Information

CVE: CVE-2004-0649

OSVDB: 6726

GLSA: 200407-17