(OpenBSD Issues Fix) BSD UNIX PPP LCP Options Length Buffer Overflow Lets Remote Users Deny Service
SecurityTracker Alert ID: 1016782
SecurityTracker URL: http://securitytracker.com/id/1016782
CVE Reference: CVE-2006-4304
Date: Sep 3 2006
Impact:
Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 3.8, 3.9
Description:
A vulnerability was reported in PPP on BSD-based systems. A remote user can cause denial of service conditions.
The Point-to-Point Protocol (PPP) implementation on FreeBSD, OpenBSD, and NetBSD does not properly validate the length field of Link Control Protocol (LCP) configuration options. A remote user on the PPP link can send specially crafted LCP packets that cause the target kernel to panic.
It is not known whether remote code execution is possible.
Pavel Cahyna discovered this vulnerability.
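The defect is in how the option list inside an LCP Configure packet is walked. Each option is type-length-value encoded (RFC 1661): a one-byte type, a one-byte length that counts the type and length bytes themselves, then the option data. A parser that trusts that length byte can step backwards or past the end of the packet. The following is an added example, not OpenBSD's sppp(4) code or the contents of the patches above: a defensive option walker that rejects a length below 2 and a length exceeding the bytes remaining, run over constructed sample payloads (not captured traffic).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Walk the option list of an LCP Configure-Request/Ack/Nak/Reject payload.
 * Returns the number of well-formed options, or -1 as soon as a malformed
 * option is found. The caller should discard (or Code-Reject) the packet
 * on -1 instead of continuing to parse it.
 */
int lcp_walk_options(const uint8_t *buf, size_t buflen)
{
    size_t off = 0;
    int count = 0;

    while (off < buflen) {
        size_t remaining = buflen - off;

        /* An option header is two bytes; a lone trailing byte is invalid. */
        if (remaining < 2)
            return -1;

        uint8_t type = buf[off];
        uint8_t len  = buf[off + 1];

        /* len counts the 2-byte header; anything smaller cannot advance
         * the cursor, and len == 0 would loop forever. */
        if (len < 2)
            return -1;

        /* len must not run past the end of the packet buffer. */
        if (len > remaining)
            return -1;

        /* A real implementation would dispatch on 'type' here, reading
         * exactly len-2 data bytes at buf[off+2]. */
        (void)type;
        off += len;
        count++;
    }
    return count;
}

/* Constructed sample payloads (not captured traffic). Option types follow
 * RFC 1661: 1 = Maximum-Receive-Unit, 5 = Magic-Number. */
static const uint8_t good_opts[] = {
    0x01, 0x04, 0x05, 0xdc,             /* MRU = 1500 */
    0x05, 0x06, 0xde, 0xad, 0xbe, 0xef, /* Magic-Number */
};
static const uint8_t zero_len_opts[]  = { 0x01, 0x00, 0x05, 0xdc }; /* len 0 */
static const uint8_t overlong_opts[]  = { 0x05, 0x20, 0xde, 0xad }; /* len 32 in a 4-byte buffer */
static const uint8_t truncated_opts[] = { 0x01, 0x04, 0x05 };       /* header says 4, only 3 present */

int check_good(void)      { return lcp_walk_options(good_opts, sizeof good_opts); }
int check_zero_len(void)  { return lcp_walk_options(zero_len_opts, sizeof zero_len_opts); }
int check_overlong(void)  { return lcp_walk_options(overlong_opts, sizeof overlong_opts); }
int check_truncated(void) { return lcp_walk_options(truncated_opts, sizeof truncated_opts); }

int main(void)
{
    printf("good:      %d\n", check_good());      /* 2  */
    printf("zero len:  %d\n", check_zero_len());  /* -1 */
    printf("overlong:  %d\n", check_overlong());  /* -1 */
    printf("truncated: %d\n", check_truncated()); /* -1 */
    return 0;
}
```

The two bounds checks are deliberately made before any option data is touched; validating the whole list first and only then acting on individual options keeps a single bad length byte from turning into an out-of-bounds read inside the kernel.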
Impact:
A remote user can cause the target system to crash.
Solution:
OpenBSD has issued the following patches:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/009_sppp.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/014_sppp.patch
Vendor URL: www.openbsd.org/
Cause:
Boundary error
Underlying OS:
Message History:
This archive entry is a follow-up to the message listed below.
Source Message Contents
Date: Sat, 2 Sep 2006 21:04:39 -0400
Subject: OpenBSD vulnerability
SECURITY FIX: September 2, 2006 All architectures
Due to the failure to correctly validate LCP configuration option lengths, it is
possible for an attacker to send LCP packets via an sppp(4) connection causing the
kernel to panic. CVE-2006-4304
A source code patch exists which remedies this problem.
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/009_sppp.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/014_sppp.patch