Date: 26 Oct 2000 20:49:04 -0000 From: venglin@freebsd.lublin.pl To: FreeBSD-gnats-submit@freebsd.org Subject: bin/22319: Malicious remote user can cause ppp(8) to segfault Message-ID: <20001026204904.96970.qmail@riget.scene.pl>
next in thread | raw e-mail | index | archive | help
>Number: 22319 >Category: bin >Synopsis: Malicious remote user can cause ppp(8) to segfault >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Oct 26 13:50:01 PDT 2000 >Closed-Date: >Last-Modified: >Originator: Przemyslaw Frasunek >Release: FreeBSD 4.1.1-STABLE i386 >Organization: ISMEDIA >Environment: FreeBSD ext-fw.czuby.net 4.1.1-STABLE FreeBSD 4.1.1-STABLE #2: Fri Oct 6 13:04:26 CEST 2000 venglin@riget.scene.pl:/sys/compile/LUBI i386 Ppp(8) with server enabled (set server). Configuration file: default: set device /dev/cuaa1 set speed 115200 set log +warning +error +alert nat enable yes set server +23 password_here nat unregistered_only yes set mtu 500 set urgent tcp set urgent tcp +21 +22 +23 +6667 set urgent udp set urgent udp +53 +514 set sendpipe 1024 set recvpipe 1024 enable deflate24 accept deflate24 leased: set ifaddr 212.182.118.90 212.182.118.89 255.255.255.252 >Description: Look below. >How-To-Repeat: riget:venglin:~> cat /dev/urandom | nc ext-fw.czuby.net 23 >& /dev/null [wait few seconds] ... pid 580 (ppp), uid 0: exited on signal 11 (core dumped) Sorry, I can't provide stack backtrace at this moment, I'm running PPP on a diskless machine. >Fix: Unknown. >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001026204904.96970.qmail>