Ubuntu
pptpd package

Security update of pptpd/dapper broke vpn

Bug #115448 reported by Jörg Roßdeutscher on 2007-05-18
254
Affects Status Importance Assigned to Milestone
pptpd (Ubuntu)
Fix Released
Undecided
Kees Cook
Also affects project (?) Also affects distribution/package Nominate for series

Bug Description

Binary package hint: pptpd

After installing pptpd_1.2.3-1ubuntu0.1_powerpc.deb no client could use the tunnel to my server.

Downgrading back to pptpd_1.2.3-1_powerpc.deb made it working again.

I cannot provide further informations right now, because it´s a production machine an I´ll have to wait until today night until playing with it (and unfortunately server clock was wrong, so I cannot locate the problems in the logfiles now), but I´ll start with some specs:

- Dapper Server
- Mac OS X Clients, all 10.4, all up-to-date
- No encryption

Macs try to connect and after some time tell they can´t.

Kees Cook (kees) wrote :

Please let me know when you have tested this further; the change was very minor, and in testing, I was still able to establish working VPN connections.

Changed in pptpd:
assignee: nobody → keescook
Jörg Roßdeutscher (ratti) wrote :

Thanks for your reply. I did some testing now, and the problem persists.

When having the older version installed, everything runs fine. When I update to the patched version, I get this on the server:

May 20 20:17:25 aurora pppd[16481]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x2d245e75> <pcomp> <accomp>]
May 20 20:17:25 aurora pptpd[16480]: GRE: Bad checksum from pppd.
May 20 20:17:25 aurora pptpd[16480]: GRE: Discarding out of order packet
May 20 20:17:28 aurora pppd[16481]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x2d245e75> <pcomp> <accomp>]
May 20 20:17:28 aurora pptpd[16480]: GRE: Discarding out of order packet
May 20 20:17:28 aurora pptpd[16480]: GRE: Discarding out of order packet
May 20 20:17:31 aurora pppd[16481]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x2d245e75> <pcomp> <accomp>]
May 20 20:17:31 aurora pptpd[16480]: GRE: Discarding out of order packet
May 20 20:17:31 aurora pptpd[16480]: GRE: Discarding out of order packet

…and more, repeating.

The client says:

===== Sonntag, 20. Mai 2007 20:16 Uhr Europe/Berlin =====
May 20 20:17:34 pb pppd[4812]: pppd 2.4.2 (Apple version 233-0-4) started by root, uid 503
May 20 20:17:34 pb pppd[4812]: PPTP connecting to server 'EXAMPLE.COM' (X.X.X.X)...\n <- I removed that
May 20 20:17:34 pb pppd[4812]: PPTP connection established.
May 20 20:17:34 pb pppd[4812]: Connect: ppp0 <--> socket[34:17]
May 20 20:18:04 pb pppd[4812]: PPTP hangup
May 20 20:18:04 pb pppd[4812]: Connection terminated.
May 20 20:18:04 pb pppd[4812]: PPTP disconnecting...\n
May 20 20:18:04 pb pppd[4812]: PPTP disconnected\n

I can provide you with the complete syslog-entry of the working- and the not-working vpn-connect, both Macintosh-Client-side and Dapper/PPC-Server side. However, having a possible exploitable pptp online I don´t want to do that in public.

Not being a coder, the above looks to me like the mac pptp client needs the wrong/repaired/whatever package order that was fixed.

Bye, Jörg

Kees Cook (kees) wrote :

Great, thanks for the debugging. A corrected security update should be published shortly as USN-459-2. Sorry for the trouble!

Changed in pptpd:
status: Unconfirmed → Fix Released
Jörg Roßdeutscher (ratti) wrote :

Everything works now.
Thanks a lot for your excellent work.

To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.
Subscribing...

Other bug subscribers