severity 391289 normal
thanks

On Thu, Oct 05, 2006 at 10:07:33PM +0200, Stefan Fritsch wrote:
> CVE-2006-4304:
>
> Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD
> 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before
> 20060902 allows remote attackers to cause a denial of service (panic),
> obtain sensitive information, and possibly execute arbitrary code via
> crafted Link Control Protocol (LCP) packets with an option length that
> exceeds the overall length, which triggers the overflow in (1) pppoe
> and (2) ippp. NOTE: this issue was originally incorrectly reported
> for the ppp driver.

This one has been fixed in version 5.4-18. I am therefore downgrading the
severity to normal, as the two other bugs are not considered to be
exploitable by the FreeBSD security team.

-- 
  .''`.  Aurelien Jarno             | GPG: 1024D/F1BCDB73
 : :' :  Debian developer           | Electrical Engineer
 `. `'   [EMAIL PROTECTED]          | [EMAIL PROTECTED]
   `-    people.debian.org/~aurel32 | www.aurel32.net
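
The bounds check that the quoted CVE description turns on, as an added example (not the sppp driver's code and not the fix referenced in this thread): a walker over LCP options, laid out as in RFC 1661, that rejects any option whose length field exceeds the bytes remaining in the packet. The function name, constants and sample packets are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example; names are hypothetical, not taken from the sppp driver.
 * LCP (RFC 1661): code(1) id(1) length(2, BE); option: type(1) len(1) data. */
#define LCP_HDR_LEN 4
#define LCP_OPT_HDR_LEN 2

/* Returns the number of well-formed options, or -1 on any bad length. */
int lcp_count_options(const uint8_t *pkt, size_t received)
{
    if (received < LCP_HDR_LEN)
        return -1;
    size_t declared = ((size_t)pkt[2] << 8) | pkt[3];
    /* The declared packet length must fit inside what was received. */
    if (declared < LCP_HDR_LEN || declared > received)
        return -1;
    const uint8_t *p = pkt + LCP_HDR_LEN;
    size_t remaining = declared - LCP_HDR_LEN;
    int count = 0;
    while (remaining > 0) {
        /* Type and length bytes must both be present before reading len. */
        if (remaining < LCP_OPT_HDR_LEN)
            return -1;
        size_t optlen = p[1];
        /* len counts its own 2-byte header and may not pass the packet end. */
        if (optlen < LCP_OPT_HDR_LEN || optlen > remaining)
            return -1;
        p += optlen;
        remaining -= optlen;
        count++;
    }
    return count;
}

/* Constructed sample packets (Configure-Request, id 1). */
static const uint8_t good_pkt[] = { 0x01, 0x01, 0x00, 0x0e,
    0x01, 0x04, 0x05, 0xdc,                 /* MRU, len 4 */
    0x05, 0x06, 0x11, 0x22, 0x33, 0x44 };   /* Magic-Number, len 6 */
static const uint8_t bad_pkt[] = { 0x01, 0x01, 0x00, 0x08,
    0x01, 0x40, 0x05, 0xdc };               /* MRU claims len 64 */

int main(void)
{
    printf("good: %d\n", lcp_count_options(good_pkt, sizeof good_pkt));
    printf("bad:  %d\n", lcp_count_options(bad_pkt, sizeof bad_pkt));
    return 0;
}
```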