Joined: 12 May 2004
|Posted: Sat Dec 13, 2014 11:26 pm Post subject: [ GLSA 201412-19 ] PPP: Information disclosure
|Gentoo Linux Security Advisory
Title: PPP: Information disclosure (GLSA 201412-19)
Date: December 13, 2014
An integer overflow in PPP might allow local attackers to obtain
PPP is a Unix implementation of the Point-to-Point Protocol
Vulnerable: < 2.4.7
Unaffected: >= 2.4.7
Architectures: All supported architectures
Integer overflow is discovered in the getword function in options.c in
A local attacker could execute process with extremely long options list,
possibly obtaining sensitive information.
There is no known workaround at this time.
All PPP users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dialup/ppp-2.4.7"