l2tpd 0.67 does not initialize the random number generator, which allows remote attackers to hijack sessions.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| l2tpd | l2tpd | 0.64 |
| l2tpd | l2tpd | 0.65 |
| l2tpd | l2tpd | 0.62 |
| l2tpd | l2tpd | 0.67 |
| l2tpd | l2tpd | 0.66 |
| l2tpd | l2tpd | 0.63 |
Vulnerability in l2tpd 0.67 allows remote attackers to overwrite the vendor field via a long value in an attribute/value pair, possibly via a buffer overflow.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| l2tpd | l2tpd | 0.64 |
| l2tpd | l2tpd | 0.65 |
| l2tpd | l2tpd | 0.62 |
| l2tpd | l2tpd | 0.67 |
| l2tpd | l2tpd | 0.66 |
| l2tpd | l2tpd | 0.63 |
Buffer overflow in write_packet in control.c for l2tpd may allow remote attackers to execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| l2tpd | l2tpd | 0.64 |
| l2tpd | l2tpd | 0.65 |
| l2tpd | l2tpd | 0.69 |
| l2tpd | l2tpd | 0.62 |
| gentoo | linux | 1.4 |
| l2tpd | l2tpd | 0.67 |
| l2tpd | l2tpd | 0.66 |
| l2tpd | l2tpd | 0.68 |
| l2tpd | l2tpd | 0.63 |