An integer overflow in PPP might allow local attackers to obtain sensitive information.
Package | net-dialup/ppp on all architectures |
---|---|
Affected versions | < 2.4.7 |
Unaffected versions | >= 2.4.7 |
PPP is a Unix implementation of the Point-to-Point Protocol
Integer overflow is discovered in the getword function in options.c in PPP
A local attacker could execute process with extremely long options list, possibly obtaining sensitive information.
There is no known workaround at this time.
All PPP users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-dialup/ppp-2.4.7"
Release date
December 13, 2014
Latest revision
December 13, 2014: 2
Severity
normal
Exploitable
local
Bugzilla entries