Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft PPTP Buffer Overflow; VPNs Vulnerable

Posted by ryuzaki0 on from the no-rest-for-the-weary-MSCE dept.

An anonymous reader writes "According to this InfoWorld article, a buffer overflow exploit has been discovered for Microsoft's PPTP implementation, which leaves Microsoft VPN solutions vulnerable to exploit. This overflow was discovered by the German security firm Phion; they have posted more info on this page." We might as well throw in yet another remote exploit for FrontPage, too. No, not last week's remote exploits - these are new. Coincidentally, the front group Microsoft organized for the purpose of quashing bug disclosure (that is, reducing Microsoft's bad press) is just now getting underway.

2 of 338 comments (clear)

  1. What can be exploited? by masonbrown · · Score: 2, Interesting

    From what I see in the German brief on the exploit, this can write to the memory of the system. So does this mean the worst that can happen is to crash a Windows box?

    Also, does this apply only to Windows systems using PPTP or to VPN hardware devices as well?

  2. Re:MS Bugs by n9hmg · · Score: 3, Interesting

    Snail mail to the federal government now costs us a lot in taxes, and doesn't get to the people very quickly. This is because all mail to the Capitol is diverted to a remote facility, where, in a long FIFO, it is decontaminated (Cl2O, maybe), then opened and faxed to the appropriate office. Email is actually more likely to be read, and better yet is their "write your rep" link, which weeds out the automailers that dilute the effectiveness of email.