From owner-freebsd-security@freebsd.org  Mon Mar  9 11:23:21 2020
To: freebsd security <freebsd-security@freebsd.org>
From: Miroslav Lachman <000.fbsd@quip.cz>
Subject: Critical PPP Daemon Flaw
Message-ID: <13df3361-87b6-c6c1-e79d-2bbdd0146518@quip.cz>
Date: Mon, 9 Mar 2020 12:23:10 +0100

I don't know if FreeBSD is vulnerable or not. There are main Linux 
distros and NetBSD listed in the article.

https://thehackernews.com/2020/03/ppp-daemon-vulnerability.html

The vulnerability, tracked as CVE-2020-8597 [1] with CVSS Score 9.8, can 
be exploited by unauthenticated attackers to remotely execute arbitrary 
code on affected systems and take full control over them.

[1] https://www.kb.cert.org/vuls/id/782301/

Kind regards
Miroslav Lachman

From owner-freebsd-security@freebsd.org  Mon Mar  9 14:32:27 2020
Date: Mon, 09 Mar 2020 06:49:54 -0700
In-Reply-To: <13df3361-87b6-c6c1-e79d-2bbdd0146518@quip.cz>
References: <13df3361-87b6-c6c1-e79d-2bbdd0146518@quip.cz>
Subject: Re: Critical PPP Daemon Flaw
To: freebsd-security@freebsd.org, Miroslav Lachman <000.fbsd@quip.cz>,
 freebsd security <freebsd-security@freebsd.org>
From: Cy Schubert <Cy.Schubert@cschubert.com>
Message-ID: <5FD9E59C-1B15-4B07-AA5E-1B6F40CBDD08@cschubert.com>

On March 9, 2020 4:23:10 AM PDT, Miroslav Lachman <000.fbsd@quip.cz> wrote:
>I don't know if FreeBSD is vulnerable or not. There are main Linux
>distros and NetBSD listed in the article.
>
>https://thehackernews.com/2020/03/ppp-daemon-vulnerability.html
>
>The vulnerability, tracked as CVE-2020-8597 [1] with CVSS Score 9.8, can
>be exploited by unauthenticated attackers to remotely execute arbitrary
>code on affected systems and take full control over them.
>
>[1] https://www.kb.cert.org/vuls/id/782301/
>
>Kind regards
>Miroslav Lachman

Probably not. Ours is a different codebase from NetBSD.
I haven't looked at what Red Hat has, no comment about theirs.
However it would be prudent to verify our pppd isn't also vulnerable.

-- 
Pardon the typos and autocorrect, small keyboard in use.
Cy Schubert <Cy.Schubert@cschubert.com>
FreeBSD UNIX: <cy@FreeBSD.org> Web: https://www.FreeBSD.org

The need of the many outweighs the greed of the few.

Sent from my Android device with K-9 Mail. Please excuse my brevity.

From owner-freebsd-security@freebsd.org  Mon Mar  9 17:17:37 2020
Subject: Re: Critical PPP Daemon Flaw
To: Cy Schubert <Cy.Schubert@cschubert.com>, freebsd-security@freebsd.org,
 Miroslav Lachman <000.fbsd@quip.cz>
References: <13df3361-87b6-c6c1-e79d-2bbdd0146518@quip.cz>
 <5FD9E59C-1B15-4B07-AA5E-1B6F40CBDD08@cschubert.com>
From: Eugene Grosbein <eugen@grosbein.net>
Message-ID: <efc25a68-9bfa-5838-eaef-a2f6a6817ac2@grosbein.net>
Date: Tue, 10 Mar 2020 00:15:54 +0700
In-Reply-To: <5FD9E59C-1B15-4B07-AA5E-1B6F40CBDD08@cschubert.com>

09.03.2020 20:49, Cy Schubert wrote:

> On March 9, 2020 4:23:10 AM PDT, Miroslav Lachman <000.fbsd@quip.cz> wrote:
>> I don't know if FreeBSD is vulnerable or not. There are main Linux 
>> distros and NetBSD listed in the article.
>>
>> https://thehackernews.com/2020/03/ppp-daemon-vulnerability.html
>>
>> The vulnerability, tracked as CVE-2020-8597 [1] with CVSS Score 9.8, can
>> be exploited by unauthenticated attackers to remotely execute arbitrary
>> code on affected systems and take full control over them.
>>
>> [1] https://www.kb.cert.org/vuls/id/782301/
>>
>> Kind regards
>> Miroslav Lachman
> 
> Probably not. Ours is a different codebase from NetBSD.
> I haven't looked at what Red Hat has, no comment about theirs.
> However it would be prudent to verify our pppd isn't also vulnerable.

We do not have pppd at all, in any supported branch.

We had pppd(8) and the ppp(4) kernel driver used by pppd up to FreeBSD 7,
and they did panic the kernel if used with the MPSAFE knob enabled, because ppp(4) was not mp-safe.
For that reason (and because nobody updated the driver), both ppp(4) and pppd(8) were removed before 8.0-RELEASE.

We have the net/mpd5 daemon that can be used instead of pppd, and mpd5 is not vulnerable
due to its completely different code base, including the part parsing EAP messages.

And, of course, we have ppp(8) "user-ppp" utility.


From owner-freebsd-security@freebsd.org  Mon Mar  9 18:40:30 2020
Subject: Re: Critical PPP Daemon Flaw
To: Eugene Grosbein <eugen@grosbein.net>,
 Cy Schubert <Cy.Schubert@cschubert.com>, freebsd-security@freebsd.org
References: <13df3361-87b6-c6c1-e79d-2bbdd0146518@quip.cz>
 <5FD9E59C-1B15-4B07-AA5E-1B6F40CBDD08@cschubert.com>
 <efc25a68-9bfa-5838-eaef-a2f6a6817ac2@grosbein.net>
From: Miroslav Lachman <000.fbsd@quip.cz>
Message-ID: <0898efde-0d5e-68a0-6969-ec096f19a5da@quip.cz>
Date: Mon, 9 Mar 2020 19:40:22 +0100
In-Reply-To: <efc25a68-9bfa-5838-eaef-a2f6a6817ac2@grosbein.net>

Eugene Grosbein wrote on 2020/03/09 18:15:
> 09.03.2020 20:49, Cy Schubert wrote:
> 
>> On March 9, 2020 4:23:10 AM PDT, Miroslav Lachman <000.fbsd@quip.cz> wrote:
>>> I don't know if FreeBSD is vulnerable or not. There are main Linux
>>> distros and NetBSD listed in the article.
>>>
>>> https://thehackernews.com/2020/03/ppp-daemon-vulnerability.html
>>>
>>> The vulnerability, tracked as CVE-2020-8597 [1] with CVSS Score 9.8, can
>>> be exploited by unauthenticated attackers to remotely execute arbitrary
>>> code on affected systems and take full control over them.
>>>
>>> [1] https://www.kb.cert.org/vuls/id/782301/

>> Probably not. Ours is a different codebase from NetBSD.
>> I haven't looked at what Red Hat has, no comment about theirs.
>> However it would be prudent to verify our pppd isn't also vulnerable.
> 
> We do not have pppd at all, in any supported branch.
> 
> We had pppd(8) and the ppp(4) kernel driver used by pppd up to FreeBSD 7,
> and they did panic the kernel if used with the MPSAFE knob enabled, because ppp(4) was not mp-safe.
> For that reason (and because nobody updated the driver), both ppp(4) and pppd(8) were removed before 8.0-RELEASE.
> 
> We have the net/mpd5 daemon that can be used instead of pppd, and mpd5 is not vulnerable
> due to its completely different code base, including the part parsing EAP messages.
> 
> And, of course, we have ppp(8) "user-ppp" utility.

Thank you for the clarification!

Kind regards
Miroslav Lachman