Your submission was sent successfully! Close

CVE-2008-2750

Published: 18 June 2008

The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the Linux kernel 2.6 before 2.6.26-rc6 allows remote attackers to cause a denial of service (kernel heap memory corruption and system crash) and possibly have unspecified other impact via a crafted PPPOL2TP packet that results in a large value for a certain length variable.

From the Ubuntu security team

The PPP over L2TP routines in the kernel did not correctly handle certain messages. A remote attacker could send a specially crafted packet that could crash the system or execute arbitrary code.

Priority

Medium

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.26~rc6)
Patches:
upstream: 6b6707a50c7598a83820077393f8823ab791abf8
linux-source-2.6.15
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(code does not exist)
linux-source-2.6.20
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(code does not exist)
linux-source-2.6.22
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(code does not exist)