git: 2c7d4d50c06a - main - security/vuxml: add net/mpd5 PPPoE Server remotely exploitable crash
Eugene Grosbein
eugen at FreeBSD.org
Wed Sep 8 22:08:55 UTC 2021
The branch main has been updated by eugen:
URL: https://cgit.FreeBSD.org/ports/commit/?id=2c7d4d50c06ac12410414813427604ee9af673dd
commit 2c7d4d50c06ac12410414813427604ee9af673dd
Author: Eugene Grosbein <eugen at FreeBSD.org>
AuthorDate: 2021-09-08 21:55:19 +0000
Commit: Eugene Grosbein <eugen at FreeBSD.org>
CommitDate: 2021-09-08 22:02:51 +0000
security/vuxml: add net/mpd5 PPPoE Server remotely exploitable crash
Version 5.9_2 contains security fix for PPPoE servers.
Insufficient validation of incoming PPPoE Discovery request
specially crafted by unauthenticated user might lead to unexpected
termination of the process. The problem affects mpd versions since 5.0.
Installations not using PPPoE server configuration were not affected.
Reported by: Yannick C at SourceForge
Tested by: Yannick C at SourceForge, paul at SourceForge
---
security/vuxml/vuln-2021.xml | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml
index 09525e60d803..1b308b51ea74 100644
--- a/security/vuxml/vuln-2021.xml
+++ b/security/vuxml/vuln-2021.xml
@@ -1,3 +1,31 @@
+ <vuln vid="f55921aa-10c9-11ec-8647-00e0670f2660">
+ <topic>MPD5 PPPoE Server remotely exploitable crash</topic>
+ <affects>
+ <package>
+ <name>mpd5</name>
+ <range><ge>5.0</ge></range>
+ <range><lt>5.9_2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Version 5.9_2 contains security fix for PPPoE servers.
+ Insufficient validation of incoming PPPoE Discovery request
+ specially crafted by unauthenticated user might lead to unexpected
+ termination of the process. The problem affects mpd versions
+ since 5.0. Installations not using PPPoE server configuration
+ were not affected.</p>
+ </body>
+ </description>
+ <references>
+ <url>http://mpd.sourceforge.net/doc5/mpd4.html#4</url>
+ </references>
+ <dates>
+ <discovery>2021-09-04</discovery>
+ <entry>2021-09-09</entry>
+ </dates>
+ </vuln>
+
<vuln vid="0e561173-0fa9-11ec-a2fa-080027948c12">
<topic>Python -- multiple vulnerabilities</topic>
<affects>
More information about the dev-commits-ports-all
mailing list