CVE-2015-3310

EPSS 1.7%

ppp - security update

Published: 4/24/2015Modified: 4/28/2026

Also known as:DEBIAN-CVE-2015-3310

Description

Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a denial of service (crash) via a start accounting message to the RADIUS server.

Affected packages (3)

Debian/pppfrom 0, < 2.4.6-3.1
Debian/pppfrom 0, < 2.4.5-4+deb6u2
Debian/pppfrom 0, < 2.4.5-5.1+deb7u2

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-3310