Bug#427825: pptpd security patch for 1.3.0-2etch1 disrupts tunnel

Wed, 06 Jun 2007 11:03:55 -0700 

Package: pptpd
Version: 1.3.0-2etch1
After upgrading to pptpd 1.3.0-2etch1, I noticed a problem after several minutes of VPN activity. Upon further investigation, the log file pointed to an area of code recently patched to address the denial of service vulnerability as discussed in CVE-2007-0244. 

The log output is as follows:

Jun  4 19:30:18 apollo pptpd[8422]: GRE: accepting packet #17

Jun  4 19:30:18 apollo pptpd[8422]: GRE: buffering packet #16 (expecting 
#18, lost or reordered)

Jun  4 19:30:18 apollo pptpd[8422]: GRE: accepting packet #18
Jun  4 19:30:18 apollo pptpd[8422]: GRE: accepting packet #19
Jun  4 19:30:18 apollo pptpd[8422]: GRE: timeout waiting for -4 packets
Jun  4 19:30:18 apollo pptpd[8422]: GRE: accepting #16 from queue
Jun  4 19:30:18 apollo pptpd[8422]: GRE: accepting packet #20

Jun  4 19:30:18 apollo pppd[8423]: rcvd [proto=0x9841] 87 0b 72 c9 be ab 
c3 09 a7 c0 4e 0f 14 a7 42 e4 70 e7 db 8f f2 08 ef 08 95 42 6c 2e 1e 04 
80 d8 ...

Jun  4 19:30:18 apollo pppd[8423]: Unsupported protocol 0x9841 received

Jun  4 19:30:18 apollo pppd[8423]: sent [LCP ProtRej id=0x2 98 41 87 0b 
72 c9 be ab c3 09 a7 c0 4e 0f 14 a7 42 e4 70 e7 db 8f f2 08 ef 08 95 42 
6c 2e 1e 04 ...]
Jun  4 19:30:18 apollo pppd[8423]: rcvd [proto=0x87] a1 5e 9f 56 27 d8 
42 28 d1 f9 c5 33 25 61 8b 0a b3 8e ab 55 dd a6 24 5f 59 6c b9 85 1c 60 
65 30 ...

Jun  4 19:30:18 apollo pppd[8423]: Unsupported protocol 0x87 received

Jun  4 19:30:18 apollo pppd[8423]: sent [LCP ProtRej id=0x3 00 87 a1 5e 
9f 56 27 d8 42 28 d1 f9 c5 33 25 61 8b 0a b3 8e ab 55 dd a6 24 5f 59 6c 
b9 85 1c 60 ...]

Jun  4 19:30:18 apollo pptpd[8422]: GRE: accepting packet #21

[ and so forth, until the connection terminates ]



It would seem that this is caused by sending the parser out-of-order GRE 
packets, but it is not clear to me based on the source of the patch.  I 
repeated this problem multiple times, finally fixing it by downgrading 
to 1.3.0-2 (which does not contain the GRE re-ordering patch).  It would 
seem that the first few log lines about reordering occur normally with 
this downgraded version, but they do not cause the seemingly out-of-sync 
stream of messages that follow.




--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]















    











					Reply via email to