Thomas Walpuski reported a buffer overflow in l2tpd, an implementation of the layer 2 tunneling protocol, whereby a remote attacker could potentially cause arbitrary code to be executed by transmitting a specially crafted packet. The exploitability of this vulnerability has not been verified.
For the current stable distribution (woody), this problem has been fixed in version 0.67-1.2.
For the unstable distribution (sid), this problem has been fixed in version 0.70-pre20031121-2.
We recommend that you update your l2tpd package.
MD5 checksums of the listed files are available in the original advisory.