PPTP Vulnerabilities
Created 11/4/02
CAN 2002-1214
Impact
A remote attacker could crash the PPTP service.
Background
Point to Point Tunneling Protocol (PPTP) is a protocol which
is used to implement a Virtual Private Network (VPN) across
insecure networks. A VPN uses encryption to allow remote
clients to communicate securely with other hosts on the VPN
even though they are not physically connected to the network.
The Problem
A buffer overflow condition could allow a remote attacker
to crash the PPTP service which is native to Windows 2000
and XP. PPTP clients could also be affected if the
vulnerability is exploited during an active session. Since
the buffer overflow occurs in kernel memory rather than on
the stack or the heap, the effect of this vulnerability is
probably limited to denial of service. Execution of arbitrary
commands would be very difficult or impossible.
Resolution
Install the patch referenced in Microsoft Security Bulletin 02-063.
Where can I read more about this?
This vulnerability was reported in Microsoft Security
Bulletin 02-063 and Bugtraq.