On Jun 5, 2018, a security researcher published details of a critical remote code execution (RCE) vulnerability in the Point-to-Point Tunneling Protocol (PPTP). By sending specially crafted PPTP packets of a certain length, an attacker could exploit this vulnerability to take control of an affected system. The severity rating of this vulnerability is Critical. What makes the discovery more significant is that it is not the first RCE vulnerability reported in PPTP: on Jul 2, 2017, Fortinet researchers reported a critical RCE vulnerability in the protocol, and on Aug 23, 2016 they had reported another, each of which could likewise be exploited by an attacker to take control of an affected system.

How to check if your system is affected by the PPTP vulnerability

To check whether a Windows system is affected by the vulnerability, use the following steps (the path below is Windows-specific, so this check does not cover the Mac OS X and iOS versions listed under Technical details):
1. Open a command prompt in administrator mode.
2. Check whether the PPTP driver file is present by running: dir %SystemRoot%\system32\pptp.sys (do not try to execute the file; a .sys file is a kernel driver loaded by the operating system, not a program you run).
3. If you get a message saying "File Not Found", the driver is not installed and your system is not affected by the vulnerability.
If the file is present, the vulnerable code is on the system. Whether it is reachable from the network depends on whether the machine accepts incoming PPTP connections: the PPTP control channel listens on TCP port 1723 and the tunnelled data travels over GRE (IP protocol 47), so a host that does not listen on TCP 1723 is not exposed to remote exploitation of the server side. Since the flaw is described as affecting packets both sent and received, a client that dials out to a malicious PPTP server could still be exposed.

Remote Code Execution Through PPTP Vulnerability

Point-to-Point Tunneling Protocol (PPTP) is an obsolete VPN protocol whose weaknesses are well known and have long been exploited by cybercriminals; its known problems, however, have mostly been cryptographic ones that expose the contents of the tunnel. A remote code execution vulnerability is a different class of problem: it compromises the host running the PPTP code rather than the confidentiality of the tunnel.
The vulnerability resides in the way PPTP handles the length of packets exchanged between the two ends of a connection. A malicious user who sends specially crafted PPTP packets of a certain length can exploit it to take control of an affected system. The severity rating of this vulnerability is Critical.

Technical details

This vulnerability is caused by a buffer overflow error in the PPTP code. The vulnerable code segment is located in the function "SendReceivePacket". In this function, the packet's length field, "packet_length", is copied into a local variable, "destination_len", which holds the length of the packet to be sent or received and is then used as the size of the copy into a fixed-size buffer. Because that length is taken from the packet without being checked against the buffer's size, a message whose length is greater than 253 bytes and less than 256 bytes (that is, 254 or 255 bytes) writes past the end of the buffer. An attacker who controls those bytes can corrupt adjacent memory and, from there, execute arbitrary code on the affected system.
The affected software includes Microsoft Windows Vista, Windows Server 2008 R2, Windows 7, Windows 8 and 8.1, Windows 10 and its server variants, as well as Apple Mac OS X versions 10.6 - 10.11 and iOS versions 5 - 9.3.
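The pattern described under Technical details, as an added illustrative model: this is not the PPTP driver's actual code and not taken from the article, only a reconstruction of the bug class it describes, in which a packet length read straight from the wire drives a copy into a fixed-size buffer. The names SendReceivePacket, packet_length and destination_len are the article's; the 253-byte buffer, the one-byte length field and the packet layout are assumptions chosen so that lengths 254 and 255 are exactly the ones that overflow, matching the "greater than 253 and less than 256" boundary. The unchecked function is shown beside a hardened one that validates the length before copying.

```c
/* Illustrative model of the length-driven overflow the article describes.
 * Added example, NOT the PPTP driver's source. The function and variable
 * names (SendReceivePacket, packet_length, destination_len) come from the
 * article; the buffer size, the one-byte length field and the packet
 * layout are assumptions chosen to reproduce the 253..255 boundary. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEST_CAPACITY 253          /* assumed size of the receive buffer */

/* Assumed wire layout: one length byte followed by up to 255 payload bytes. */
struct packet {
    uint8_t length;                /* the article's "packet_length" */
    uint8_t payload[255];
};

/* Vulnerable pattern: the attacker-controlled length byte is copied into
 * destination_len and used as the copy size without any bounds check.
 * For length 254 or 255 this writes 1-2 bytes past destination[]. */
static size_t SendReceivePacket_unchecked(const struct packet *p, uint8_t *destination)
{
    uint8_t destination_len = p->length;               /* packet_length -> destination_len */
    memcpy(destination, p->payload, destination_len);  /* no check against DEST_CAPACITY */
    return destination_len;
}

/* Hardened form: validate the length before it drives the copy. Returns the
 * number of bytes copied, or 0 for a packet that would overflow. */
static size_t SendReceivePacket_checked(const struct packet *p, uint8_t *destination, size_t capacity)
{
    size_t destination_len = p->length;
    if (destination_len > capacity)
        return 0;                                      /* reject: would overflow */
    memcpy(destination, p->payload, destination_len);
    return destination_len;
}

/* Builds a constructed test packet with the given length byte and an 'A' payload. */
static struct packet make_packet(uint8_t length)
{
    struct packet p;
    p.length = length;
    memset(p.payload, 'A', sizeof p.payload);
    return p;
}

int main(void)
{
    uint8_t destination[DEST_CAPACITY];
    for (unsigned len = 252; len <= 255; len++) {
        struct packet p = make_packet((uint8_t)len);
        size_t n = SendReceivePacket_checked(&p, destination, sizeof destination);
        printf("length %u: %s\n", len, n ? "accepted" : "rejected (would overflow)");
    }
    /* The unchecked version is only safe to call with an in-bounds length.
     * Calling it with 254 or 255 is undefined behaviour: under
     * -fsanitize=address it reports a stack-buffer-overflow on destination[]. */
    struct packet small = make_packet(16);
    printf("unchecked copy of 16 bytes: %zu\n", SendReceivePacket_unchecked(&small, destination));
    return 0;
}
```

Build with -fsanitize=address and call the unchecked function with a length byte of 254 to watch the sanitizer flag the one-byte overflow; the checked function rejects the same packet with a return value of 0, which is the missing validation the article's description implies.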

Timeline

Published on: 05/10/2022 21:15:00 UTC
Last modified on: 05/18/2022 18:32:00 UTC
