Date: Wed, 8 Sep 2021 22:08:55 GMT From: Eugene Grosbein <eugen@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 2c7d4d50c06a - main - security/vuxml: add net/mpd5 PPPoE Server remotely exploitable crash Message-ID: <202109082208.188M8tVX016686@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by eugen: URL: https://cgit.FreeBSD.org/ports/commit/?id=2c7d4d50c06ac12410414813427604ee9af673dd commit 2c7d4d50c06ac12410414813427604ee9af673dd Author: Eugene Grosbein <eugen@FreeBSD.org> AuthorDate: 2021-09-08 21:55:19 +0000 Commit: Eugene Grosbein <eugen@FreeBSD.org> CommitDate: 2021-09-08 22:02:51 +0000 security/vuxml: add net/mpd5 PPPoE Server remotely exploitable crash Version 5.9_2 contains security fix for PPPoE servers. Insufficient validation of incoming PPPoE Discovery request specially crafted by unauthenticated user might lead to unexpected termination of the process. The problem affects mpd versions since 5.0. Installations not using PPPoE server configuration were not affected. Reported by: Yannick C at SourceForge Tested by: Yannick C at SourceForge, paul at SourceForge --- security/vuxml/vuln-2021.xml | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml index 09525e60d803..1b308b51ea74 100644 --- a/security/vuxml/vuln-2021.xml +++ b/security/vuxml/vuln-2021.xml @@ -1,3 +1,31 @@ + <vuln vid="f55921aa-10c9-11ec-8647-00e0670f2660"> + <topic>MPD5 PPPoE Server remotely exploitable crash</topic> + <affects> + <package> + <name>mpd5</name> + <range><ge>5.0</ge></range> + <range><lt>5.9_2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Version 5.9_2 contains security fix for PPPoE servers. + Insufficient validation of incoming PPPoE Discovery request + specially crafted by unauthenticated user might lead to unexpected + termination of the process. The problem affects mpd versions + since 5.0. Installations not using PPPoE server configuration + were not affected.</p> + </body> + </description> + <references> + <url>http://mpd.sourceforge.net/doc5/mpd4.html#4</url> + </references> + <dates> + <discovery>2021-09-04</discovery> + <entry>2021-09-09</entry> + </dates> + </vuln> + <vuln vid="0e561173-0fa9-11ec-a2fa-080027948c12"> <topic>Python -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202109082208.188M8tVX016686>