VULHUB ™

l2tpd is a Layer 2 Tunneling Protocol daemon, implementing the protocol defined in RFC 2661. Some versions of l2tpd fail to seed the random number generator before calling the function rand(). Predictable random numbers may be used for tunnel and session ids, and within the challenge / response mechanism. A remote attacker may be able to exploit this weakness to predict the behavior of l2tpd, and possibly to attempt a man in the middle attack or to inject malicious data into a legitimate connection.

l2tpd is a Layer 2 Tunneling Protocol daemon, implementing the protocol defined in RFC 2661. Some versions of l2tpd fail to seed the random number generator before calling the function rand(). Predictable random numbers may be used for tunnel and session ids, and within the challenge / response mechanism. A remote attacker may be able to exploit this weakness to predict the behavior of l2tpd, and possibly to attempt a man in the middle attack or to inject malicious data into a legitimate connection.