Support / Security / Advisories / Mandrakelinux 7.2 / MDKSA-2000:084

Package name: rp-pppoe
Date: 2000-12-18
Advisory ID: MDKSA-2000:084
Affected versions: 7.1 i586 , 7.2 i586

Problem description

rp-pppoe is a userspace PPPoE client mainly used with ADSL connections which require PPP. Versions prior to 2.5 have a security problem that, when exploited, causes the connection to be dropped. If rp-pppoe receives a crafted TCP segment with an option where the option-length field is zero (illegal), the program would enter an infinite loop and the connection would time-out and be dropped. This is only possible if the user uses the "Clamp MSS" option.

Updated packages

7.1 i586

 589bdccafbf374244ea2e940ae6df7ba  7.1/RPMS/rp-pppoe-2.5-2.1mdk.i586.rpm
e07be9faefcf1a58df48e872c9c7c068  7.1/SRPMS/rp-pppoe-2.5-2.1mdk.src.rpm

7.2 i586

 d64a2bff24c05941624865facbc3ac8e  7.2/RPMS/rp-pppoe-2.5-2.2mdk.i586.rpm
0fdd0cc473288e52e64087025b93f341  7.2/SRPMS/rp-pppoe-2.5-2.2mdk.src.rpm