DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

l2tpd older than 0.67 vulnerable to a buffer overflow: vigor

  • robauk
  • Topic Author
  • Offline
  • New Member
  • New Member
More
21 Sep 2009 23:23 #57807 by robauk
Hi All,

Im using a bunch of 3300V vigors and in order to keep processing credit cards our bank says we must pass PCI compliance - no problem I thought

When the security check does a port scan of the WAN IPs for the Draytek it fails the checks... So If I cannot fix this is next few days I need to bjump out the window because we wont be able to process credit cards. :shock: :shock:

The routers are all 3300V running latest 2.9.5.0 and the errors are as follows:

1. Protocol: UDP Port: 1701 Detail: The remote host is running a version of l2tpd which is older or equal to 0.67. This version is vulnerable to a buffer overflow which may allow an attacker to gain a root shell on this host. In addition, this program does not initialize its random number generator. Therefore, an attacker may predict some key values and hijack L2TP sessions established to this host. Solution: Upgrade to l2tpd 0.68 or later. Risk Factor: High CVE : CVE-2002-0872, CVE-2002-0873 BID : 5451 Other references : OSVDB:5061, OSVDB:5062 [More]

2. The remote host is running a version of l2tpd which is older or equal to 0.68. This version is vulnerable to a buffer overflow which might allow an attacker to execute arbitrary commands on the remote host with super-user privileges. Solution: Upgrade to l2tpd 0.69 or later. Risk Factor: High CVE : CVE-2004-0649 BID : 10466 Other references : OSVDB:6726


So Im guessing this is referring to the l2tpd version as part of the router:?:

I updated the firmware and the 2003 server (raduis) behind the Vigor is patched up to date

what else can I do?

:idea:

Please Log in or Create an account to join the conversation.

  • robauk
  • Topic Author
  • Offline
  • New Member
  • New Member
More
09 Nov 2009 18:00 #58737 by robauk

RobAUK wrote:
what else can I do?

:idea:



Hi All,

Just to let you know I did log this with Draytek and they confirmed this bug is there in their firmware but they cannot give a time frame to fix this.

The ooly option is to disable L2TP and if you need it use a different vendor I guess, lucky for me I dont actually need it.

Still pretty shocking support from Draytek - are you listening? :!: :!: :!:

Please Log in or Create an account to join the conversation.

Moderators: ChrisSami