Description: Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to "access privileged options" via a long word in an options file, which triggers a heap-based buffer overflow that "[corrupts] security-relevant variables."
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DLA-74-1, DSA-3079-1
NVD severity: high
Debian Bugs: 762789

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| ppp (PTS) | stretch (security), stretch | 2.4.7-1+4+deb9u1 | fixed |
| | buster, buster (security) | 2.4.7-2+4.1+deb10u1 | fixed |
| | bookworm, sid, bullseye | 2.4.9-1+1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |

No known exploit yet but potential local privilege escalation to root for users in "dip" group

