CVE-2015-3310
ppp - security update
EPSS 1.7%
Description
Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a denial of service (crash) via a start accounting message to the RADIUS server.
How to fix CVE-2015-3310
To remediate CVE-2015-3310, upgrade the affected package to a fixed version below.
- Debian/ppp—upgrade to 2.4.6-3.1 or later
- Debian/ppp—upgrade to 2.4.5-4+deb6u2 or later
- Debian/ppp—upgrade to 2.4.5-5.1+deb7u2 or later
Is CVE-2015-3310 being exploited?
Low — EPSS is 1.7%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 2.4.6-3.1
- from 0, < 2.4.5-4+deb6u2
- from 0, < 2.4.5-5.1+deb7u2