aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorremko <remko@FreeBSD.org>2006-08-31 02:14:23 +0800
committerremko <remko@FreeBSD.org>2006-08-31 02:14:23 +0800
commit391bb8fc4b55bf6a04ce00353cdbbacd80cc7355 (patch)
tree8795ac68050ad3c5e24fc165e63532fe0db790de /security
parentde49bc79bb823484dea04c37f1e7b883eafe74ef (diff)
downloadfreebsd-ports-gnome-391bb8fc4b55bf6a04ce00353cdbbacd80cc7355.tar.gz
freebsd-ports-gnome-391bb8fc4b55bf6a04ce00353cdbbacd80cc7355.tar.zst
freebsd-ports-gnome-391bb8fc4b55bf6a04ce00353cdbbacd80cc7355.zip
Update the latest FreeBSD-SA entry, ppp got replaced by sppp.
Also implement a suggestion from Simon, mark all versions before the latest version vulnerable.
Diffstat (limited to 'security')
-rw-r--r--security/vuxml/vuln.xml11
1 files changed, 6 insertions, 5 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index d0cdc92cea52..683a14f4f2f4 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -65,11 +65,11 @@ Note: Please add new entries to the beginning of this file.
</vuln>
<vuln vid="c9d2e361-32fb-11db-a6e2-000e0c2e438a">
- <topic>ppp -- buffer overflow vulnerability</topic>
+ <topic>sppp -- buffer overflow vulnerability</topic>
<affects>
<system>
<name>FreeBSD</name>
- <range><ge>4.11</ge><lt>4.11_20</lt></range>
+ <range><lt>4.11_20</lt></range>
<range><ge>5.3</ge><lt>5.3_32</lt></range>
<range><ge>5.4</ge><lt>5.4_17</lt></range>
<range><ge>5.5</ge><lt>5.5_3</lt></range>
@@ -81,17 +81,17 @@ Note: Please add new entries to the beginning of this file.
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description</h1>
<p>While processing Link Control Protocol (LCP) configuration
- options received from the remote host, ppp(4) fails to
+ options received from the remote host, sppp(4) fails to
correctly validate option lengths. This may result in data
being read or written beyond the allocated kernel memory
buffer.</p>
<h1>Impact</h1>
<p>An attacker able to send LCP packets, including the remote
- end of a ppp(4) connection, can cause the FreeBSD kernel to
+ end of a sppp(4) connection, can cause the FreeBSD kernel to
panic. Such an attacker may also be able to obtain
sensitive information or gain elevated privileges.</p>
<h1>Workaround</h1>
- <p>No workaround is available, but systems which do not use ppp(4) are not
+ <p>No workaround is available, but systems which do not use sppp(4) are not
vulnerable.</p>
</body>
</description>
@@ -102,6 +102,7 @@ Note: Please add new entries to the beginning of this file.
<dates>
<discovery>2006-08-23</discovery>
<entry>2006-08-23</entry>
+ <modified>2006-08-30</modified>
</dates>
</vuln>