Linux kernel
cpe:2.3:o:kernel:linux_kernel:*:*:*:*:*:*:*
A vulnerability has been identified in the Linux kernel's Point-to-Point Tunneling Protocol (PPTP) implementation. The issue arises in the 'pptp_xmit' function within the 'drivers/net/ppp/pptp.c' file, where the function may read uninitialized data from socket buffers (skbs). This vulnerability was introduced in Linux version 2.6.12-rc2 and exists in the stable branch of the Linux kernel.
Exploitation of this vulnerability could lead to the reading of uninitialized memory, which may be manipulated to cause unintended behavior in the application or system.
The vulnerability can be reproduced by sending a PPTP packet that takes advantage of the 'pptp_xmit' function. This can be done by using a PPPoE connection that bridges to a PPTP channel. The 'pppoe_sendmsg' function can be used to send the message, which will trigger the vulnerability by causing 'pptp_xmit' to process the packet without proper length validation.
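The missing length check described above, modelled in userspace C as an added example (not kernel code and not taken from the original page or the kernel tree). The `struct frame` type, the 0xAA poison fill standing in for uninitialized buffer memory, and the two-byte header that the transmit path inspects are assumptions of this model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FRAME_CAP 64
#define POISON    0xAA  /* stands in for uninitialized buffer contents */
#define PROTO_LEN 2     /* assumed size of the header the transmit path reads */

/* Simplified stand-in for a socket buffer: storage plus a valid-byte count. */
struct frame {
    uint8_t data[FRAME_CAP];
    size_t  len;        /* bytes the sender actually wrote */
};

/* Build a frame the way a sender would: only n bytes are ever written. */
static void frame_fill(struct frame *f, const uint8_t *src, size_t n)
{
    memset(f->data, POISON, sizeof f->data);
    if (n > FRAME_CAP)
        n = FRAME_CAP;
    memcpy(f->data, src, n);
    f->len = n;
}

/* Unchecked: assumes the header is present, so it can read past len. */
static int proto_unchecked(const struct frame *f)
{
    return (f->data[0] << 8) | f->data[1];
}

/* Checked: frames too short to hold the header are rejected up front. */
static int proto_checked(const struct frame *f)
{
    if (f->len < PROTO_LEN)
        return -1;      /* caller drops the frame */
    return (f->data[0] << 8) | f->data[1];
}

int main(void)
{
    const uint8_t short_msg[1] = { 0xC0 };  /* constructed 1-byte frame */
    struct frame f;

    frame_fill(&f, short_msg, sizeof short_msg);
    printf("unchecked: 0x%04X (second byte was never written)\n",
           (unsigned)proto_unchecked(&f));
    printf("checked:   %d (frame dropped)\n", proto_checked(&f));
    return 0;
}
```

In a real kernel the bytes past the written length are whatever the allocator left behind rather than a fixed pattern, which is why the unchecked path's result is unpredictable.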
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for downloading the patched version can be found in the Linux Kernel Git Repository.