FreeBSD Security Advisory FreeBSD-SA-06:18.ppp

Wed Aug 23 22:35:07 UTC 2006

Am 23.08.2006 um 22:18 schrieb FreeBSD Security Advisories:

> III. Impact
>
> An attacker able to send LCP packets, including the remote end of a  
> ppp(4)
> connection, can cause the FreeBSD kernel to panic.  Such an  
> attacker may
> also be able to obtain sensitive information or gain elevated  
> privileges.
...
> The following list contains the revision numbers of each file that was
> corrected in FreeBSD.
>
> Branch                                                            
> Revision
>   Path
> -  
> ---------------------------------------------------------------------- 
> ---
> RELENG_4
>   src/sys/net/if_spppsubr.c                                      
> 1.59.2.15
...

ppp(4) or sppp(4)?  Looking at the patch, it seems to be sppp(4),  
which is (completely?) seperate from ppp(4), AFAIK.

Also, ppp(8), Brian Somers userland PPP implementation, is not  
affected; a useful bit of information for people who are not as  
familiar with the multitude of PPP implementations in FreeBSD.

Stefan

-- 
Stefan Bethke <stb at lassitu.de>   Fon +49 170 346 0140