diff options
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-06:18.ppp.asc')
| -rw-r--r-- | share/security/advisories/FreeBSD-SA-06:18.ppp.asc | 155 |
1 files changed, 0 insertions, 155 deletions
diff --git a/share/security/advisories/FreeBSD-SA-06:18.ppp.asc b/share/security/advisories/FreeBSD-SA-06:18.ppp.asc deleted file mode 100644 index 160de81443..0000000000 --- a/share/security/advisories/FreeBSD-SA-06:18.ppp.asc +++ /dev/null @@ -1,155 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - -============================================================================= -FreeBSD-SA-06:08.ppp Security Advisory - The FreeBSD Project - -Topic: Buffer overflow in sppp(4) - -Category: core -Module: sys_net -Announced: 2006-08-23 -Credits: Martin Husemann, Pavel Cahyna -Affects: All FreeBSD releases. -Corrected: 2006-08-23 22:01:44 UTC (RELENG_6, 6.1-STABLE) - 2006-08-23 22:02:25 UTC (RELENG_6_1, 6.1-RELEASE-p4) - 2006-08-23 22:02:52 UTC (RELENG_6_0, 6.0-RELEASE-p10) - 2006-08-23 22:03:55 UTC (RELENG_5, 5.5-STABLE) - 2006-08-23 22:04:28 UTC (RELENG_5_5, 5.5-RELEASE-p3) - 2006-08-23 22:04:58 UTC (RELENG_5_4, 5.4-RELEASE-p17) - 2006-08-23 22:05:49 UTC (RELENG_5_3, 5.3-RELEASE-p32) - 2006-08-23 22:06:08 UTC (RELENG_4, 4.11-STABLE) - 2006-08-23 22:06:40 UTC (RELENG_4_11, 4.11-RELEASE-p20) -CVE Name: CVE-2006-4304 - -For general information regarding FreeBSD Security Advisories, -including descriptions of the fields above, security branches, and the -following sections, please visit -<URL:http://security.freebsd.org/>. - -0. Revision History - -v1.0 2006-08-23 Initial release. -v1.1 2006-08-25 Corrected name of affected driver. - -NOTE WELL: The original version of this advisory identified the affected -driver as ppp(4). This is incorrect; the problem occurs in the sppp(4) -driver instead. - -I. Background - -The sppp(4) driver implements the state machine and the Link Control -Protocol (LCP) of the Point-to-Point Protocol (PPP) and is used in -combination with underlying drivers which provide synchronous -point-to-point connections. In particular, sppp(4) is commonly used -with i4bisppp(4) and ng_sppp(4). - -II. Problem Description - -While processing Link Control Protocol (LCP) configuration options received -from the remote host, sppp(4) fails to correctly validate option lengths. -This may result in data being read or written beyond the allocated kernel -memory buffer. - -III. Impact - -An attacker able to send LCP packets, including the remote end of a sppp(4) -connection, can cause the FreeBSD kernel to panic. Such an attacker may -also be able to obtain sensitive information or gain elevated privileges. - -IV. Workaround - -No workaround is available, but systems which do not use sppp(4) are not -vulnerable. - -V. Solution - -Perform one of the following: - -1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE, -or to the RELENG_6_1, RELENG_6_0, RELENG_5_5, RELENG_5_4, RELENG_5_3, -or RELENG_4_11 security branch dated after the correction date. - -2) To patch your present system: - -The following patches have been verified to apply to FreeBSD 4.11, 5.3, -5.4, 5.5, 6.0, and 6.1 systems. - -a) Download the relevant patch from the location below, and verify the -detached PGP signature using your PGP utility. - -[FreeBSD 4.x] -# fetch http://security.FreeBSD.org/patches/SA-06:18/ppp4x.patch -# fetch http://security.FreeBSD.org/patches/SA-06:18/ppp4x.patch.asc - -[FreeBSD 5.3] -# fetch http://security.FreeBSD.org/patches/SA-06:18/ppp53.patch -# fetch http://security.FreeBSD.org/patches/SA-06:18/ppp53.patch.asc - -[FreeBSD 5.4, 5.5, and 6.x] -# fetch http://security.FreeBSD.org/patches/SA-06:18/ppp.patch -# fetch http://security.FreeBSD.org/patches/SA-06:18/ppp.patch.asc - -b) Apply the patch. - -# cd /usr/src -# patch < /path/to/patch - -c) Recompile your kernel as described in -<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the -system. - -VI. Correction details - -The following list contains the revision numbers of each file that was -corrected in FreeBSD. - -Branch Revision - Path -- ------------------------------------------------------------------------- -RELENG_4 - src/sys/net/if_spppsubr.c 1.59.2.15 -RELENG_4_11 - src/UPDATING 1.73.2.91.2.21 - src/sys/conf/newvers.sh 1.44.2.39.2.24 - src/sys/net/if_spppsubr.c 1.59.2.13.10.1 -RELENG_5 - src/sys/net/if_spppsubr.c 1.113.2.3 -RELENG_5_5 - src/UPDATING 1.342.2.35.2.3 - src/sys/conf/newvers.sh 1.62.2.21.2.5 - src/sys/net/if_spppsubr.c 1.113.2.2.4.1 -RELENG_5_4 - src/UPDATING 1.342.2.24.2.26 - src/sys/conf/newvers.sh 1.62.2.18.2.22 - src/sys/net/if_spppsubr.c 1.113.2.2.2.1 -RELENG_5_3 - src/UPDATING 1.342.2.13.2.35 - src/sys/conf/newvers.sh 1.62.2.15.2.37 - src/sys/net/if_spppsubr.c 1.113.2.1.2.1 -RELENG_6 - src/sys/net/if_spppsubr.c 1.119.2.3 -RELENG_6_1 - src/UPDATING 1.416.2.22.2.6 - src/sys/conf/newvers.sh 1.69.2.11.2.6 - src/sys/net/if_spppsubr.c 1.119.2.2.2.1 -RELENG_6_0 - src/UPDATING 1.416.2.3.2.15 - src/sys/conf/newvers.sh 1.69.2.8.2.11 - src/sys/net/if_spppsubr.c 1.119.2.1.2.1 -- ------------------------------------------------------------------------- - -VII. References - -http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4304 - -The latest revision of this advisory is available at -http://security.FreeBSD.org/advisories/FreeBSD-SA-06:18.ppp.asc ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.3 (FreeBSD) - -iD8DBQFE7u0+FdaIBMps37IRAhmDAKCVpSUMmugw8j5HEjMfSTln+3KdjwCeNKmx -Qna3jib3T9pASUWraImZYL0= -=XAoj ------END PGP SIGNATURE----- |