Slashdot Mirror


Microsoft PPTP Buffer Overflow; VPNs Vulnerable

An anonymous reader writes "According to this InfoWorld article, a buffer overflow exploit has been discovered for Microsoft's PPTP implementation, which leaves Microsoft VPN solutions vulnerable to exploit. This overflow was discovered by the German security firm Phion; they have posted more info on this page." We might as well throw in yet another remote exploit for FrontPage, too. No, not last week's remote exploits - these are new. Coincidentally, the front group Microsoft organized for the purpose of quashing bug disclosure (that is, reducing Microsoft's bad press) is just now getting underway.

7 of 338 comments

  1. Re:Hey, Guess what? by Anonymous Coward · · Score: -1, Offtopic

    Guess what !
    I got a fever !
    And the only prescription is...more Linux !

  2. I know this is offtopic, maybe someone can help ? by Anonymous Coward · · Score: -1, Offtopic

    Now that Madelyne Toogood is free in society, does anybody know when she'll be making her first amateur porn?

    Maybe I'm not the only one thinking of her in this way ? ................

  3. Re:I know this is offtopic, maybe someone can help by Anonymous Coward · · Score: -1, Offtopic

    They left the house/In two straight lines/The smallest one was Madeline.

  4. hah by Anonymous Coward · · Score: -1, Offtopic

    HAHAHAHAHAHAHHAHA

    sorry

  5. hello me by name_already_in_use · · Score: 0, Offtopic

    hello to me

    --
    Rake Free + Mac Poker: CardCrusade

  6. Re:And its a good thing! by whmac33 · · Score: 0, Offtopic

    a=b ; a^2=ab ; a^2-b^2=ab-b^2 ; (a+b)(a-b)=b(a-b) ; (a+b)=b ; 2b=b ; 2=1

    From (a+b)(a-b)=b(a-b) to (a+b)=b you're dividing by a-b, which is 0 since a = b, and thus the rest is undefined.

  7. Re:And its a good thing! by koh · · Score: 0, Offtopic

    --Does Linux offer a way you can declare certain ports as non-privileged?

    All ports are "privileged" by default on *NIX systems. You have to call ioperm() with root privileges in order to make ports "unprivileged".

    According to `man 2 ioperm`:

    Permissions are not inherited on fork, but on exec they are. This is useful for giving port access permissions to non-privileged tasks.

    So it can be done by having your FTP daemon exec()ed by a process run as root, having that process previously call ioperm() on the requested ports.

    I don't know if inetd/xinetd can do this. Neither do I know of any other project. Roll up your own :)

    --
    Karma cannot be described by words alone.