cvs commit: src/usr.sbin/pppd cbcp.c

Josef El-Rayes josef at FreeBSD.org
Thu Nov 18 15:38:27 GMT 2004


Xin LI <delphij at FreeBSD.org>:
>   Correct a potential DoS vulnerability, as described at
>   
>   http://www.securityfocus.com/archive/1/379450

This advisory is incorrect.

It is actually not a DoS vulnerability as the attacker
can only kill the connection to him, not others,

see: http://marc.theaimsgroup.com/?l=bugtraq&m=109941891320391

Thanks for MFC'ing this,

Greets, Josef
-- 
Josef El-Rayes                   (__)
Email:	  josef at daemon.li     \\\'',) 
Web:	  http://daemon.li/     \/  \ ^
FreeBSD   Security Team         .\._/_)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 477 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/cvs-src/attachments/20041118/ee45a568/attachment.bin


More information about the cvs-src mailing list