CVE-2003-0213
PoPToP < 1.1.3-b3/1.1.3-20030409 - Negative Read Overflow
Severity Score
7.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
6
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote attackers to cause a denial of service via a length field of 0 or 1, which causes a negative value to be fed into a read operation, leading to a buffer overflow.
ctlpacket.c en el servidor PoPToP PPTP anteriores a 1.1.4-b3 permite a atacantes remotos causar una denegación de servicio mediante una longitud de campo de 0 o 1, lo que causa que sea pasado un valor negativo en una operación de lectura, conduciendo a un desbordamiento de búfer.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2003-04-09 First Exploit
- 2003-04-22 CVE Reserved
- 2003-04-26 CVE Published
- 2024-08-08 CVE Updated
- 2024-09-03 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (16)
| URL | Tag | Source |
|---|---|---|
| http://marc.info/?l=bugtraq&m=105068728421160&w=2 | Mailing List | |
| http://marc.info/?l=bugtraq&m=105154539727967&w=2 | Mailing List | |
| http://sourceforge.net/project/shownotes.php?release_id=138437 | X_refsource_confirm | |
| http://www.kb.cert.org/vuls/id/673993 | Third Party Advisory |
|
| http://www.securityfocus.com/archive/1/319428 | Mailing List | |
| http://securityfocus.com/archive/1/317995 | ||
| http://www.freewebs.com/blightninjas |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/9952 | 2003-04-09 | |
| https://www.exploit-db.com/exploits/22479 | 2003-04-09 | |
| https://www.exploit-db.com/exploits/19 | 2003-04-25 | |
| https://www.exploit-db.com/exploits/16845 | 2010-11-23 | |
| https://www.exploit-db.com/exploits/16 | 2003-04-18 | |
| http://www.securityfocus.com/bid/7316 | 2024-08-08 |
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2003/dsa-295 | 2016-10-18 | |
| http://www.securityfocus.com/archive/1/317995 | 2016-10-18 |
| URL | Date | SRC |
|---|---|---|
| http://www.novell.com/linux/security/advisories/2003_029.html | 2016-10-18 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Poptop Search vendor "Poptop" | Pptp Server Search vendor "Poptop" for product "Pptp Server" | 1.0.1 Search vendor "Poptop" for product "Pptp Server" and version "1.0.1" | - |
Affected
| ||||||
| Poptop Search vendor "Poptop" | Pptp Server Search vendor "Poptop" for product "Pptp Server" | 1.1.2 Search vendor "Poptop" for product "Pptp Server" and version "1.1.2" | - |
Affected
| ||||||
| Poptop Search vendor "Poptop" | Pptp Server Search vendor "Poptop" for product "Pptp Server" | 1.1.3 Search vendor "Poptop" for product "Pptp Server" and version "1.1.3" | - |
Affected
| ||||||
| Poptop Search vendor "Poptop" | Pptp Server Search vendor "Poptop" for product "Pptp Server" | 1.1.3_2002-10-09 Search vendor "Poptop" for product "Pptp Server" and version "1.1.3_2002-10-09" | - |
Affected
| ||||||
| Poptop Search vendor "Poptop" | Pptp Server Search vendor "Poptop" for product "Pptp Server" | 1.1.4b1 Search vendor "Poptop" for product "Pptp Server" and version "1.1.4b1" | - |
Affected
| ||||||
| Poptop Search vendor "Poptop" | Pptp Server Search vendor "Poptop" for product "Pptp Server" | 1.1.4b2 Search vendor "Poptop" for product "Pptp Server" and version "1.1.4b2" | - |
Affected
| ||||||