Date: Tue, 12 Dec 2000 15:42:31 -0200
Subject: [CLA-2000:357] Conectiva Linux Security Announcement -
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : rp-pppoe
SUMMARY : Denial of service
DATE : 2000-12-12 15:41:00
ID : CLA-2000:357
RELEASES : 6.0
rp-pppoe is an userspace PPPoE client mainly used with ADSL
connections which require PPP.
The version distributed with Conectiva Linux 6.0 has a security
problem which, if exploited, would cause the connection to be
If rp-pppoe receives a crafted TCP segment with an option where the
option-length field is zero (illegal), the program would enter an
infinite loop and the connection would time-out and be dropped.
All rp-pppoe users should upgrade.
We would like to thank David F. Skoll for releasing a new
version and to Robert Schlabbach for reporting the vulnerability to
Users of Conectiva Linux version 6.0 or higher may use apt to
- add the following line to /etc/apt/sources.list if it is not
there yet (you may also use linuxconf to do this):
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.