author | remko <remko@FreeBSD.org> | 2006-08-31 02:14:23 +0800 |
---|---|---|
committer | remko <remko@FreeBSD.org> | 2006-08-31 02:14:23 +0800 |
commit | 391bb8fc4b55bf6a04ce00353cdbbacd80cc7355 (patch) | |
tree | 8795ac68050ad3c5e24fc165e63532fe0db790de /security | |
parent | de49bc79bb823484dea04c37f1e7b883eafe74ef (diff) | |
Update the latest FreeBSD-SA entry, ppp got replaced by sppp.
Also implement a suggestion from Simon, mark all versions before
the latest version vulnerable.
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index d0cdc92cea52..683a14f4f2f4 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -65,11 +65,11 @@ Note: Please add new entries to the beginning of this file. </vuln> <vuln vid="c9d2e361-32fb-11db-a6e2-000e0c2e438a"> - <topic>ppp -- buffer overflow vulnerability</topic> + <topic>sppp -- buffer overflow vulnerability</topic> <affects> <system> <name>FreeBSD</name> - <range><ge>4.11</ge><lt>4.11_20</lt></range> + <range><lt>4.11_20</lt></range> <range><ge>5.3</ge><lt>5.3_32</lt></range> <range><ge>5.4</ge><lt>5.4_17</lt></range> <range><ge>5.5</ge><lt>5.5_3</lt></range> @@ -81,17 +81,17 @@ Note: Please add new entries to the beginning of this file. <body xmlns="http://www.w3.org/1999/xhtml"> <h1>Problem Description</h1> <p>While processing Link Control Protocol (LCP) configuration - options received from the remote host, ppp(4) fails to + options received from the remote host, sppp(4) fails to correctly validate option lengths. This may result in data being read or written beyond the allocated kernel memory buffer.</p> <h1>Impact</h1> <p>An attacker able to send LCP packets, including the remote - end of a ppp(4) connection, can cause the FreeBSD kernel to + end of a sppp(4) connection, can cause the FreeBSD kernel to panic. Such an attacker may also be able to obtain sensitive information or gain elevated privileges.</p> <h1>Workaround</h1> - <p>No workaround is available, but systems which do not use ppp(4) are not + <p>No workaround is available, but systems which do not use sppp(4) are not vulnerable.</p> </body> </description> @@ -102,6 +102,7 @@ Note: Please add new entries to the beginning of this file. <dates> <discovery>2006-08-23</discovery> <entry>2006-08-23</entry> + <modified>2006-08-30</modified> </dates> </vuln> |
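Review bot: In the first hunk (@@ -65,11 +65,11 @@), removing `<ge>4.11</ge>` opens the lower bound only for the 4.x range; the 5.3, 5.4 and 5.5 ranges keep their `<ge>` bounds. The commit message says all versions before the latest version should be marked vulnerable, but a version that sorts between 4.11_20 and 5.3 (5.2, for example) still matches no `<range>` after this change. Please confirm that gap is intended, or say in the commit message that the open lower bound applies to the 4.x branch only.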
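Review bot: In the second hunk (@@ -81,17 +81,17 @@), the Impact paragraph now reads "end of a sppp(4) connection"; the article was carried over from the old "a ppp(4)" wording and should become "an sppp(4) connection". The other two replacements in this hunk ("sppp(4) fails to" and "do not use sppp(4)") need no change.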