Published: 2004-08-06 00:00:00
Last revised: 2016-10-17 22:47:13

[Original] Buffer overflow in write_packet in control.c for l2tpd may allow remote attackers to execute arbitrary code.

[CNNVD] L2TPD Write_Packet Block BSS-Based Buffer Overflow Vulnerability (CNNVD-200408-025)

        l2tpd is a Layer 2 Tunneling Protocol daemon based on RFC 2661.

- CVSS (Base Score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

cpe:/o:gentoo:linux:1.4 Gentoo Linux 1.4

- OVAL (Technical Details for Detection)


- Official Database Links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other Links and Resources
(UNKNOWN)  BUGTRAQ  20040604 bss-based buffer overflow in l2tpd
(VENDOR_ADVISORY)  XF  l2tpd-writepacket-bo(16326)

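- Vulnerability Information

L2TPD Write_Packet Block BSS-Based Buffer Overflow Vulnerability
Critical    Boundary Condition Error
2004-08-06 00:00:00 2005-10-20 00:00:00
        l2tpd is a Layer 2 Tunneling Protocol daemon based on RFC 2661.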

- Advisories and Patches


- Vulnerability Information

l2tpd control.c write_packet Function Remote Overflow
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Unknown Vendor Verified

- Vulnerability Description

A remote overflow exists in l2tpd. The l2tpd program fails to check the boundary in the write_packet() function in control.c, resulting in a buffer overflow. By establishing an L2TP tunnel and then sending a specially crafted packet, a remote attacker can overflow a buffer, resulting in a loss of integrity.

- Timeline

2004-06-07 Unknown
2004-06-04 Unknown

- Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- Related References

- Vulnerability Credit

- Vulnerability Information

L2TPD Write_Packet Block BSS based Buffer Overflow Vulnerability
Boundary Condition Error 10466
Yes No
2004-06-04 12:00:00 2009-07-12 05:16:00
Disclosure of this issue is credited to Thomas Walpuski.

- Affected Software Versions

l2tpd l2tpd 0.69
l2tpd l2tpd 0.68
l2tpd l2tpd 0.67
+ Debian Linux 3.0
l2tpd l2tpd 0.66
l2tpd l2tpd 0.65
l2tpd l2tpd 0.64
l2tpd l2tpd 0.63
l2tpd l2tpd 0.62
Gentoo Linux 1.4

- Vulnerability Discussion

l2tpd is reportedly affected by a BSS (block started by symbol) based buffer overflow vulnerability. This issue is due to a failure of the application to properly validate user-supplied string lengths.

This issue has been reported to be extremely difficult to exploit; code execution is extremely unlikely. This issue might be leveraged to cause the affected application to behave unpredictably and perhaps crash.

- Exploit

Currently we are not aware of any exploits for this issue.

- Solution

Debian has released security advisory DSA 530-1 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.

Gentoo has released advisory GLSA 200407-17 dealing with this issue. They have advised that users take the following actions and upgrade to the latest stable version:

# emerge sync

# emerge -pv ">=net-l2tpd-0.69-r2"
# emerge ">=net-l2tpd-0.69-r2"

For more information, please see the referenced Gentoo advisory.

l2tpd l2tpd 0.67

- Related References