Critical PPP Daemon Flaw
Miroslav Lachman
000.fbsd at quip.cz
Mon Mar 9 18:40:30 UTC 2020
Eugene Grosbein wrote on 2020/03/09 18:15:
> 09.03.2020 20:49, Cy Schubert wrote:
>
>> On March 9, 2020 4:23:10 AM PDT, Miroslav Lachman <000.fbsd at quip.cz> wrote:
>>> I don't know if FreeBSD is vulnerable or not. There are main Linux
>>> distros and NetBSD listed in the article.
>>>
>>> https://thehackernews.com/2020/03/ppp-daemon-vulnerability.html
>>>
>>> The vulnerability, tracked as CVE-2020-8597 [1] with CVSS Score 9.8, can
>>> be exploited by unauthenticated attackers to remotely execute arbitrary
>>> code on affected systems and take full control over them.
>>>
>>> [1] https://www.kb.cert.org/vuls/id/782301/
>> Probably not. Ours is a different codebase from NetBSD.
>> I haven't looked at what Red Hat has, no comment about theirs.
>> However it would be prudent to verify our pppd isn't also vulnerable.
>
> We do not have pppd at all, in any supported branch.
>
> We had pppd(8) and the ppp(4) kernel driver used by pppd up to FreeBSD 7
> and they did panic the kernel if used with the MPSAFE knob enabled, because ppp(4) was not mp-safe.
> For that reason (and because nobody updated the driver), both ppp(4) and pppd(8) were removed before 8.0-RELEASE.
>
> We have the net/mpd5 daemon that can be used instead of pppd, and mpd5 is not vulnerable
> due to its completely different code base, including the part parsing EAP messages.
>
> And, of course, we have ppp(8) "user-ppp" utility.
Thank you for the clarification!
Kind regards
Miroslav Lachman