Ubuntu
pptpd package

Security update of pptpd/dapper broke vpn

Bug #115448 reported by Jörg Roßdeutscher
254
Affects Status Importance Assigned to Milestone
pptpd (Ubuntu)
Fix Released
Undecided
Kees Cook

Bug Description

Binary package hint: pptpd

After installing pptpd_1.2.3-1ubuntu0.1_powerpc.deb no client could use the tunnel to my server.

Downgrading back to pptpd_1.2.3-1_powerpc.deb made it working again.

I cannot provide further informations right now, because it´s a production machine an I´ll have to wait until today night until playing with it (and unfortunately server clock was wrong, so I cannot locate the problems in the logfiles now), but I´ll start with some specs:

- Dapper Server
- Mac OS X Clients, all 10.4, all up-to-date
- No encryption

Macs try to connect and after some time tell they can´t.

Revision history for this message
Kees Cook (kees) wrote :

Please let me know when you have tested this further; the change was very minor, and in testing, I was still able to establish working VPN connections.

Changed in pptpd:
assignee: nobody → keescook
Revision history for this message
Jörg Roßdeutscher (ratti) wrote :

Thanks for your reply. I did some testing now, and the problem persists.

When having the older version installed, everything runs fine. When I update to the patched version, I get this on the server:

May 20 20:17:25 aurora pppd[16481]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x2d245e75> <pcomp> <accomp>]
May 20 20:17:25 aurora pptpd[16480]: GRE: Bad checksum from pppd.
May 20 20:17:25 aurora pptpd[16480]: GRE: Discarding out of order packet
May 20 20:17:28 aurora pppd[16481]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x2d245e75> <pcomp> <accomp>]
May 20 20:17:28 aurora pptpd[16480]: GRE: Discarding out of order packet
May 20 20:17:28 aurora pptpd[16480]: GRE: Discarding out of order packet
May 20 20:17:31 aurora pppd[16481]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x2d245e75> <pcomp> <accomp>]
May 20 20:17:31 aurora pptpd[16480]: GRE: Discarding out of order packet
May 20 20:17:31 aurora pptpd[16480]: GRE: Discarding out of order packet

…and more, repeating.

The client says:

===== Sonntag, 20. Mai 2007 20:16 Uhr Europe/Berlin =====
May 20 20:17:34 pb pppd[4812]: pppd 2.4.2 (Apple version 233-0-4) started by root, uid 503
May 20 20:17:34 pb pppd[4812]: PPTP connecting to server 'EXAMPLE.COM' (X.X.X.X)...\n <- I removed that
May 20 20:17:34 pb pppd[4812]: PPTP connection established.
May 20 20:17:34 pb pppd[4812]: Connect: ppp0 <--> socket[34:17]
May 20 20:18:04 pb pppd[4812]: PPTP hangup
May 20 20:18:04 pb pppd[4812]: Connection terminated.
May 20 20:18:04 pb pppd[4812]: PPTP disconnecting...\n
May 20 20:18:04 pb pppd[4812]: PPTP disconnected\n

I can provide you with the complete syslog-entry of the working- and the not-working vpn-connect, both Macintosh-Client-side and Dapper/PPC-Server side. However, having a possible exploitable pptp online I don´t want to do that in public.

Not being a coder, the above looks to me like the mac pptp client needs the wrong/repaired/whatever package order that was fixed.

Bye, Jörg

Revision history for this message
Kees Cook (kees) wrote :

Great, thanks for the debugging. A corrected security update should be published shortly as USN-459-2. Sorry for the trouble!

Changed in pptpd:
status: Unconfirmed → Fix Released
Revision history for this message
Jörg Roßdeutscher (ratti) wrote :

Everything works now.
Thanks a lot for your excellent work.

To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.