Date: Mon, 09 Mar 2020 06:49:54 -0700 From: Cy Schubert <Cy.Schubert@cschubert.com> To: freebsd-security@freebsd.org, Miroslav Lachman <000.fbsd@quip.cz>, freebsd security <freebsd-security@freebsd.org> Subject: Re: Critical PPP Daemon Flaw Message-ID: <5FD9E59C-1B15-4B07-AA5E-1B6F40CBDD08@cschubert.com> In-Reply-To: <13df3361-87b6-c6c1-e79d-2bbdd0146518@quip.cz> References: <13df3361-87b6-c6c1-e79d-2bbdd0146518@quip.cz>
next in thread | previous in thread | raw e-mail | index | archive | help
On March 9, 2020 4:23:10 AM PDT, Miroslav Lachman <000.fbsd@quip.cz> wrote: >I don't know if FreeBSD is vulnerable or not. There are main Linux >distros and NetBSD listed in the article. > >https://thehackernews.com/2020/03/ppp-daemon-vulnerability.html > >The vulnerability, tracked as CVE-2020-8597 [1] with CVSS Score 9.8, >can >be exploited by unauthenticated attackers to remotely execute arbitrary > >code on affected systems and take full control over them. > >[1] https://www.kb.cert.org/vuls/id/782301/ > >Kind regards >Miroslav Lachman >_______________________________________________ >freebsd-security@freebsd.org mailing list >https://lists.freebsd.org/mailman/listinfo/freebsd-security >To unsubscribe, send any mail to >"freebsd-security-unsubscribe@freebsd.org" Probably not. Ours is a different codebase from NetBSD. I haven't looked at what Red Hat has, no comment about theirs. However it would be prudent to verify our pppd isn't also vulnerable. -- Pardon the typos and autocorrect, small keyboard in use. Cy Schubert <Cy.Schubert@cschubert.com> FreeBSD UNIX: <cy@FreeBSD.org> Web: https://www.FreeBSD.org The need of the many outweighs the greed of the few. Sent from my Android device with K-9 Mail. Please excuse my brevity.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5FD9E59C-1B15-4B07-AA5E-1B6F40CBDD08>