Mandrake Linux Security Advisory : rp-pppoe (MDKSA-2000:084)
Medium Nessus Plugin ID 61870
SynopsisThe remote Mandrake Linux host is missing a security update.
Descriptionrp-pppoe is a userspace PPPoE client mainly used with ADSL connections which require PPP. Versions prior to 2.5 have a security problem that, when exploited, causes the connection to be dropped. If rp-pppoe receives a crafted TCP segment with an option where the option-length field is zero (illegal), the program would enter an infinite loop and the connection would time-out and be dropped. This is only possible if the user uses the 'Clamp MSS' option.
SolutionUpdate the affected rp-pppoe package.