From owner-freebsd-security@FreeBSD.ORG  Wed Aug 23 22:35:07 2006
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
X-Original-To: freebsd-security@freebsd.org
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D2A9A16A4E1
	for <freebsd-security@freebsd.org>;
	Wed, 23 Aug 2006 22:35:07 +0000 (UTC) (envelope-from stb@lassitu.de)
Received: from koef.zs64.net (koef.zs64.net [213.238.47.30])
	by mx1.FreeBSD.org (Postfix) with ESMTP id F2DCD43D70
	for <freebsd-security@freebsd.org>;
	Wed, 23 Aug 2006 22:34:33 +0000 (GMT) (envelope-from stb@lassitu.de)
Received: (from stb@koef.zs64.net) (authenticated)
	by koef.zs64.net (8.13.8/8.13.7) with ESMTP id k7NMYLpU072528
	(version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NO)
	for <freebsd-security@freebsd.org>;
	Thu, 24 Aug 2006 00:34:32 +0200 (CEST) (envelope-from stb@lassitu.de)
Mime-Version: 1.0 (Apple Message framework v752.2)
In-Reply-To: <200608232218.k7NMISv9072214@freefall.freebsd.org>
References: <200608232218.k7NMISv9072214@freefall.freebsd.org>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <8E506F0D-FCBD-4FE0-B137-7157EC1D5E22@lassitu.de>
Content-Transfer-Encoding: 7bit
From: Stefan Bethke <stb@lassitu.de>
Date: Thu, 24 Aug 2006 00:34:20 +0200
To: FreeBSD Security <freebsd-security@freebsd.org>
X-Mailer: Apple Mail (2.752.2)
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-06:18.ppp
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Aug 2006 22:35:07 -0000

Am 23.08.2006 um 22:18 schrieb FreeBSD Security Advisories:

> III. Impact
>
> An attacker able to send LCP packets, including the remote end of a  
> ppp(4)
> connection, can cause the FreeBSD kernel to panic.  Such an  
> attacker may
> also be able to obtain sensitive information or gain elevated  
> privileges.
...
> The following list contains the revision numbers of each file that was
> corrected in FreeBSD.
>
> Branch                                                            
> Revision
>   Path
> -  
> ---------------------------------------------------------------------- 
> ---
> RELENG_4
>   src/sys/net/if_spppsubr.c                                      
> 1.59.2.15
...

ppp(4) or sppp(4)?  Looking at the patch, it seems to be sppp(4),  
which is (completely?) seperate from ppp(4), AFAIK.

Also, ppp(8), Brian Somers userland PPP implementation, is not  
affected; a useful bit of information for people who are not as  
familiar with the multitude of PPP implementations in FreeBSD.


Stefan

-- 
Stefan Bethke <stb@lassitu.de>   Fon +49 170 346 0140