Re: FreeBSD Security Advisory FreeBSD-SA-06:18.ppp



Am 23.08.2006 um 22:18 schrieb FreeBSD Security Advisories:

III. Impact

An attacker able to send LCP packets, including the remote end of a ppp(4)
connection, can cause the FreeBSD kernel to panic. Such an attacker may
also be able to obtain sensitive information or gain elevated privileges.
...
The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Branch Revision
Path
- ---------------------------------------------------------------------- ---
RELENG_4
src/sys/net/if_spppsubr.c 1.59.2.15
...

ppp(4) or sppp(4)? Looking at the patch, it seems to be sppp(4), which is (completely?) seperate from ppp(4), AFAIK.

Also, ppp(8), Brian Somers userland PPP implementation, is not affected; a useful bit of information for people who are not as familiar with the multitude of PPP implementations in FreeBSD.


Stefan

--
Stefan Bethke <stb@xxxxxxxxxx> Fon +49 170 346 0140


_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"