Date: Tue, 12 Dec 2000 15:42:31 -0200
Subject: [CLA-2000:357] Conectiva Linux Security Announcement -
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : rp-pppoe
SUMMARY : Denial of service
DATE : 2000-12-12 15:41:00
ID : CLA-2000:357
RELEASES : 6.0
rp-pppoe is an userspace PPPoE client mainly used with ADSL
connections which require PPP.
The version distributed with Conectiva Linux 6.0 has a security
problem which, if exploited, would cause the connection to be
If rp-pppoe receives a crafted TCP segment with an option where the
option-length field is zero (illegal), the program would enter an
infinite loop and the connection would time-out and be dropped.
All rp-pppoe users should upgrade.
We would like to thank David F. Skoll for releasing a new
version and to Robert Schlabbach for reporting the vulnerability to
Users of Conectiva Linux version 6.0 or higher may use apt to
- add the following line to /etc/apt/sources.list if it is not
there yet (you may also use linuxconf to do this):