[pptp-server] Kernel panic with 2.4.17-2.4.19pre2 + Win98 client
Frank Cusack
fcusack at fcusack.com
Sat Mar 16 03:26:49 CST 2002
On Fri, Mar 15, 2002 at 10:35:24AM -0600, Nate Carlson wrote:
> On 15 Mar 2002, R. de Vroede wrote:
> > Hmm. Just maybe.... Check this out (Quote-malformed set of compressed
> > data-Unquote): *** {02.10.014} Cross - zlib double free decompression
> > bug
> >
> > zlib library prior to version 1.1.4 contains a bug that could allow a
> > particularly malformed set of compressed data to execute arbitrary
> > code. All programs that use zlib are vulnerable. Programs could
> > include SSH, GPG and VNC.
>
> *snip*
>
> Hmm, yeah, it's a possiblity.
Not really. You didn't mention if you were forcing MPPE or not. Assuming
you are, the MPPE code path does not use zlib. It could only be an issue if
your clients negotiate deflate compression.
/fc
More information about the pptp-server
mailing list