The ppp package contains the ppp (Point-to-Point Protocol) daemon, which provides a method of transmitting datagrams over serial point-to-point links. The RADIUS plugin enables pppd to do PAP, CHAP, MS-CHAP, MS-CHAPv2 etc. authentication against a RADIUS server.

The rc_mksid() function is used to generate a pseudo-unique string. The rc_mksid() function is implemented in pppd/plugins/radius/util.c; following is the problematic function:

* Purpose : generate a quite unique string */

In the sprintf function, getpid() is used to get the pid of pppd, which the rc_mksid function converts to hex to generate the pseudo-unique string. It expects the hex representation to be 4 chars long only, so if the pid is 65535 then the hex representation would be 0xFFFF, whereas if the pid value increases by even 1, that is 65536, the hex representation would become 0x10000, which would lead to a buffer overflow.

This attack vector can be used by an attacker to cause a remote DoS to devices using this, though there is no evidence of this being exploited in the wild.

(In reply to Charlie Brady from comment #4)
> BTW, IIUC there doesn't need to be an attacker.

That's a fairly accurate statement - it's not much of a security issue, but more of a bug. If ppp runs with a pid higher than 65535, it crashes when reaching this code, regardless of whether it's communicating with a malicious or non-malicious user.

On many systems, this problem cannot be triggered at all, as pid_max is below 65536. The following solution article explains how pid_max is determined (note that it discusses Red Hat Enterprise Linux 5 and 6 currently):

This problem can only be triggered on systems with more than 64 CPUs by default. Reducing pid_max should be a workaround for those systems if they do not need to run more than 65535 processes at the same time.

Given all the above, this was not classified to have sufficient security impact to trigger a security update. If you're hitting it as a regular bug in your usage, please open a support case and work with our support to open a bug report against the product version you're interested in and have the bug properly prioritized.

There's a buffer overflow in the PyCArg_repr() function in _ctypes/callproc.c.
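The rc_mksid() overflow described on this page, as an added example that is not code from ppp or from the bug report: it measures how many bytes the formatted string needs for pid 65535 and for pid 65536, and shows a bounded variant. The 15-byte buffer, the format string (8 hex digits of time, 4 of pid, 2 of a counter) and the function names are assumptions modeled on the description, not the project's source.

```c
#include <stdio.h>
#include <string.h>

/* Assumed layout (not taken from the ppp source): 8 hex digits of time,
 * 4 hex digits of pid, 2 hex digits of a counter, plus the NUL byte. */
#define SID_BUF_LEN 15
#define SID_FMT "%08lX%04X%02X"

/* Bytes, including the NUL, that the format produces for these inputs.
 * snprintf(NULL, 0, ...) only measures; nothing is written. */
size_t sid_bytes_needed(unsigned long now, unsigned int pid, unsigned int cnt)
{
    int n = snprintf(NULL, 0, SID_FMT, now, pid, cnt & 0xFFu);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Bounded variant: the pid is folded into 16 bits so its field is always
 * 4 digits, and snprintf never writes past len. Returns 0 on success,
 * -1 if the result did not fit (buf then holds a truncated string). */
int mksid_bounded(char *buf, size_t len, unsigned long now,
                  unsigned int pid, unsigned int cnt)
{
    int n = snprintf(buf, len, SID_FMT, now, pid & 0xFFFFu, cnt & 0xFFu);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

int main(void)
{
    const unsigned long now = 0x55000000UL;   /* constructed timestamp */
    const unsigned int pids[] = { 65535u, 65536u };
    char buf[SID_BUF_LEN];

    for (size_t i = 0; i < sizeof pids / sizeof pids[0]; i++) {
        size_t need = sid_bytes_needed(now, pids[i], 0);
        printf("pid %u: needs %zu bytes, buffer has %zu -> %s\n", pids[i],
               need, sizeof buf, need > sizeof buf ? "overflow" : "fits");
        if (mksid_bounded(buf, sizeof buf, now, pids[i], 0) == 0)
            printf("  bounded sid: %s\n", buf);
    }
    return 0;
}
```

Folding the pid into 16 bits keeps the string length fixed at the cost of two processes 65536 apart sharing the same pid field.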