Critical PPP Daemon Flaw
Cy Schubert
Cy.Schubert at cschubert.com
Mon Mar 9 14:32:27 UTC 2020
On March 9, 2020 4:23:10 AM PDT, Miroslav Lachman <000.fbsd at quip.cz> wrote:
>I don't know if FreeBSD is vulnerable or not. There are main Linux
>distros and NetBSD listed in the article.
>
>https://thehackernews.com/2020/03/ppp-daemon-vulnerability.html
>
>The vulnerability, tracked as CVE-2020-8597 [1] with CVSS Score 9.8,
>can
>be exploited by unauthenticated attackers to remotely execute arbitrary
>
>code on affected systems and take full control over them.
>
>[1] https://www.kb.cert.org/vuls/id/782301/
>
>Kind regards
>Miroslav Lachman
>_______________________________________________
>freebsd-security at freebsd.org mailing list
>https://lists.freebsd.org/mailman/listinfo/freebsd-security
>To unsubscribe, send any mail to
>"freebsd-security-unsubscribe at freebsd.org"
Probably not. Ours is a different codebase from NetBSD. I haven't looked at what Red Hat has, no comment about theirs. However it would be prudent to verify our pppd isn't also vulnerable.
--
Pardon the typos and autocorrect, small keyboard in use.
Cy Schubert <Cy.Schubert at cschubert.com>
FreeBSD UNIX: <cy at FreeBSD.org> Web: https://www.FreeBSD.org
The need of the many outweighs the greed of the few.
Sent from my Android device with K-9 Mail. Please excuse my brevity.
More information about the freebsd-security
mailing list