Slashdot Mirror


Microsoft PPTP Buffer Overflow; VPNs Vulnerable

An anonymous reader writes "According to this InfoWorld article, a buffer overflow exploit has been discovered for Microsoft's PPTP implementation, which leaves Microsoft VPN solutions vulnerable to exploit. This overflow was discovered by the German security firm Phion; they have posted more info on this page." We might as well throw in yet another remote exploit for FrontPage, too. No, not last week's remote exploits - these are new. Coincidentally, the front group Microsoft organized for the purpose of quashing bug disclosure (that is, reducing Microsoft's bad press) is just now getting underway.

3 of 338 comments

  1. hello me by name_already_in_use · Score: 0, Offtopic

    hello to me

    --


    Rake Free + Mac Poker: CardCrusade
  2. Re:And its a good thing! by whmac33 · Score: 0, Offtopic

    a=b ; a^2=ab ; a^2-b^2=ab-b^2 ; (a+b)(a-b)=b(a-b) ; (a+b)=b ; 2b=b ; 2=1

    From (a+b)(a-b)=b(a-b) to (a+b)=b you're dividing by a-b, which is 0 since a = b, and thus the rest is undefined.

  3. Re:And its a good thing! by koh · Score: 0, Offtopic

    --Does Linux offer a way you can declare certain ports as non-privileged?

    All ports are "privileged" by default on *NIX systems. You have to call ioperm() with root privileges in order to make ports "unprivileged".

    According to `man 2 ioperm` :

    Permissions are not inherited on fork, but on exec they are. This is useful for giving port access permissions to non-privileged tasks.

    So it can be done by having your FTP daemon exec()ed by a process run as root, having that process previously call ioperm() on the requested ports.

    I don't know if inetd/xinetd can do this. Neither do I know of any other project. Roll up your own :)

    --
    Karma cannot be described by words alone.