L2TPNS Heartbeat Handling Denial of Service Vulnerability

Bugtraq ID:	21443
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2006-5873
Remote:	Yes
Local:	No
Published:	Dec 05 2006 12:00AM
Updated:	Jan 17 2007 05:30PM
Credit:	Rhys Kidd is credited with the discovery of this vulnerability.
Vulnerable:	l2tpns l2tpns 2.1 l2tpns l2tpns 2.0.14 l2tpns l2tpns 2.0.13 l2tpns l2tpns 1.1 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1
Not Vulnerable:	l2tpns l2tpns 2.1.21

L2TPNS Heartbeat Handling Denial of Service Vulnerability

The l2tpns program is prone to a denial-of-service vulnerability because it fails to properly handle user-supplied data.

Attackers can exploit this issue to crash the affected application, effectively denying service to legitimate users. Attackers may be able to exploit this issue to execute arbitrary code, but this has not been confirmed.

L2TPNS Heartbeat Handling Denial of Service Vulnerability

An attacker can exploit this issue via standard networking tools.

L2TPNS Heartbeat Handling Denial of Service Vulnerability

Solution:
The vendor has released version 2.1.21 to address this issue.

Please see the references for more information.


l2tpns l2tpns 1.1

• l2tpns l2tpns-2.1.21.tar.gz
  http://downloads.sourceforge.net/l2tpns/l2tpns-2.1.21.tar.gz

l2tpns l2tpns 2.0.13

• l2tpns l2tpns-2.1.21.tar.gz
  http://downloads.sourceforge.net/l2tpns/l2tpns-2.1.21.tar.gz

l2tpns l2tpns 2.0.14

• Debian l2tpns_2.0.14-1sarge1_alpha.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1s arge1_alpha.deb


• Debian l2tpns_2.0.14-1sarge1_amd64.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1s arge1_amd64.deb


• Debian l2tpns_2.0.14-1sarge1_arm.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1s arge1_arm.deb


• Debian l2tpns_2.0.14-1sarge1_hppa.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1s arge1_hppa.deb


• Debian l2tpns_2.0.14-1sarge1_i386.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1s arge1_i386.deb


• Debian l2tpns_2.0.14-1sarge1_ia64.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1s arge1_ia64.deb


• Debian l2tpns_2.0.14-1sarge1_m68k.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1s arge1_m68k.deb


• Debian l2tpns_2.0.14-1sarge1_mips.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1s arge1_mips.deb


• Debian l2tpns_2.0.14-1sarge1_mipsel.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1s arge1_mipsel.deb


• Debian l2tpns_2.0.14-1sarge1_powerpc.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1s arge1_powerpc.deb


• Debian l2tpns_2.0.14-1sarge1_s390.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1s arge1_s390.deb


• Debian l2tpns_2.0.14-1sarge1_sparc.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1s arge1_sparc.deb

l2tpns l2tpns 2.1

• l2tpns l2tpns-2.1.21.tar.gz
  http://downloads.sourceforge.net/l2tpns/l2tpns-2.1.21.tar.gz

L2TPNS Heartbeat Handling Denial of Service Vulnerability

References:

• l2tpns Product Page (l2tpns)
  
• Release Name: 2.1.21 (l2tpns)