Date: Thu, 24 Aug 2006 00:34:20 +0200 From: Stefan Bethke <stb@lassitu.de> To: FreeBSD Security <freebsd-security@freebsd.org> Subject: Re: FreeBSD Security Advisory FreeBSD-SA-06:18.ppp Message-ID: <8E506F0D-FCBD-4FE0-B137-7157EC1D5E22@lassitu.de> In-Reply-To: <200608232218.k7NMISv9072214@freefall.freebsd.org> References: <200608232218.k7NMISv9072214@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Am 23.08.2006 um 22:18 schrieb FreeBSD Security Advisories: > III. Impact > > An attacker able to send LCP packets, including the remote end of a > ppp(4) > connection, can cause the FreeBSD kernel to panic. Such an > attacker may > also be able to obtain sensitive information or gain elevated > privileges. ... > The following list contains the revision numbers of each file that was > corrected in FreeBSD. > > Branch > Revision > Path > - > ---------------------------------------------------------------------- > --- > RELENG_4 > src/sys/net/if_spppsubr.c > 1.59.2.15 ... ppp(4) or sppp(4)? Looking at the patch, it seems to be sppp(4), which is (completely?) seperate from ppp(4), AFAIK. Also, ppp(8), Brian Somers userland PPP implementation, is not affected; a useful bit of information for people who are not as familiar with the multitude of PPP implementations in FreeBSD. Stefan -- Stefan Bethke <stb@lassitu.de> Fon +49 170 346 0140
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8E506F0D-FCBD-4FE0-B137-7157EC1D5E22>