Summary
=======
Two vulnerabilities exist in the virtual private dial-up network
(VPDN) solution when Point-to-Point Tunneling Protocol (PPTP) is used
in certain Cisco IOS releases prior to 12.3. PPTP is only one of the
supported tunneling protocols used to tunnel PPP frames within the
VPDN solution.
The first vulnerability is a memory leak that occurs as a result of
* Airline Product Set (ALPS)
* Serial Tunnel Code (STUN) and Block Serial Tunnel Code (BSTUN)
* Native Client Interface Architecture support (NCIA)
* Data-link switching (DLSw)
* Remote Source-Route Bridging (RSRB)
* Point to Point Tunneling Protocol (PPTP)
* X.25 for Record Boundary Preservation (RBP)
* X.25 over TCP (XOT)
* X.25 Routing
Information on how to determine whether an affected feature is
Debian Security Advisory DSA 1288-2 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
September 2nd, 2007 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : pptpd
Vulnerability : programming error
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2007-0244
