DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

PCI Compliance report failing on PPtP VPN

  • lectrician
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
06 Dec 2015 07:12 #84879 by lectrician
PCI Compliance report failing on PPtP VPN was created by lectrician
I have a PPtP dial in account on my 2860 router to allow remote management of the network for admin purposes. After a PCI compliance report was carried out on the WAN connection, the following was reported:

Compliance Status: FAIL

VULNERABILITY DETAILS:
CVSS Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Temporal Score: 5.9 E:P/RL:O/RC:C
Severity: 5
QID: 38189
Category: General remote services
CVE ID: CVE-2003-0213

Vendor Reference: -
Bugtraq ID: 7316
Last Update: 2014-03-31 22:48:26.0

THREAT:
PoPToP is a PPTP server available for a variety of operating systems.
A buffer overflow vulnerability was discovered in PoPToP PPTP. The problem occurs due to insufficient sanity checks when referencing user-supplied input stored in the
"length" variable. This input is later used in a calculation to determine the length of data to receive using the read() function.
By influencing the "length" value to be 1 or 0, it's possible to affect the calculation in such a way that a negative value will be returned. When this value is later used as the
length parameter to read(), it's possible for the attacker to overwrite sensitive locations in memory.

IMPACT:
Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code with the privileges of the affected server, potentially root.

SOLUTION:
The vendor released updated versions of PPTP server to address this vulnerability. Upgrade as soon as possible to a PoPToP version that is not vulnerable. A not
vulnerable version is available for download from http://prdownloads.sourceforge.net/poptop/pptpd-1.1.4-b4.tar.gz?download.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
PoPToP: PoPToP
Virtual Patches:
Trend Micro Virtual Patching
Virtual Patch #1001202: Identified Suspicious Usage Of Shellcode Encoders

RESULT:
Vendor string:DrayTek length:0x1000


I am using firmware 3.7.8. I am not sure if upgrading to the latest will address this issue, or if this is a false positive result?

Thanks.

Please Log in or Create an account to join the conversation.

Moderators: ChrisSami