Critical PPP Daemon Flaw
Eugene Grosbein
eugen at grosbein.net
Mon Mar 9 17:17:37 UTC 2020
09.03.2020 20:49, Cy Schubert wrote:
> On March 9, 2020 4:23:10 AM PDT, Miroslav Lachman <000.fbsd at quip.cz> wrote:
>> I don't know if FreeBSD is vulnerable or not. There are main Linux
>> distros and NetBSD listed in the article.
>>
>> https://thehackernews.com/2020/03/ppp-daemon-vulnerability.html
>>
>> The vulnerability, tracked as CVE-2020-8597 [1] with CVSS Score 9.8,
>> can
>> be exploited by unauthenticated attackers to remotely execute arbitrary
>>
>> code on affected systems and take full control over them.
>>
>> [1] https://www.kb.cert.org/vuls/id/782301/
>>
>> Kind regards
>> Miroslav Lachman
>> _______________________________________________
>> freebsd-security at freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-security
>> To unsubscribe, send any mail to
>> "freebsd-security-unsubscribe at freebsd.org"
>
> Probably not. Ours is a different codebase from NetBSD.
> I haven't looked at what Red Hat has, no comment about theirs.
> However it would be prudent to verify our pppd isn't also vulnerable.
We have not pppd at all, in any supported branch.
We had pppd(8) and ppp(4) kernel driver used by pppd upto FreeBSD 7
and they did panic kernel if used with MPSAFE knob enabled, because ppp(4) was not mp-safe.
Due to that reason (and nobody updated the driver), both of ppp(4) and pppd(8) were removed before 8.0-RELEASE.
We have net/mpd5 daemon that can be used instead of pppd and mpd5 is not vulnerable
due to its completely different code base including part parsing EAP messages.
And, of course, we have ppp(8) "user-ppp" utility.
More information about the freebsd-security
mailing list