Roaring Penguin PPPoE Denial of Service Vulnerability

Roaring Penguin PPPoE Denial of Service Vulnerability

Solution:
Upgrade to version 2.5 or higher.

Conectiva has released updates to correct the vulnerability in the version of rp-pppoe shipped with their systems.

Redhat has released an advisory (RHSA-2000:130-05) and fixes to address this vulnerability. Please see the referenced advisory for further information.

Roaring Penguin Software PPPoE 2.0

Roaring Penguin Software rp-pppoe-2.5
http://www.roaringpenguin.com/pppoe/rp-pppoe-2.5.tar.gz

Roaring Penguin Software PPPoE 2.1

Roaring Penguin Software rp-pppoe-2.5
http://www.roaringpenguin.com/pppoe/rp-pppoe-2.5.tar.gz

Roaring Penguin Software PPPoE 2.2

Roaring Penguin Software rp-pppoe-2.5
http://www.roaringpenguin.com/pppoe/rp-pppoe-2.5.tar.gz

Roaring Penguin Software PPPoE 2.3

Roaring Penguin Software rp-pppoe-2.5
http://www.roaringpenguin.com/pppoe/rp-pppoe-2.5.tar.gz

Roaring Penguin Software PPPoE 2.4

Conectiva 6.0 i386 rp-pppoe-2.5-1cl
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/rp-pppoe-2.5-1cl.i386.rpm

MandrakeSoft 7.1 i386 rp-pppoe-2.5-2.1mdk.i586.rpm
http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/7.1/RPMS/rp-pppoe -2.5-2.1mdk.i586.rpm

MandrakeSoft 7.2 i386 rp-pppoe-2.5-2.2mdk.i586.rpm
http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/7.2/RPMS/rp-pppoe -2.5-2.2mdk.i586.rpm

Roaring Penguin Software rp-pppoe-2.5
http://www.roaringpenguin.com/pppoe/rp-pppoe-2.5.tar.gz