Date: Mon, 09 Mar 2020 06:49:54 -0700 From: Cy Schubert <Cy.Schubert@cschubert.com> To: freebsd-security@freebsd.org, Miroslav Lachman <000.fbsd@quip.cz>, freebsd security <freebsd-security@freebsd.org> Subject: Re: Critical PPP Daemon Flaw Message-ID: <5FD9E59C-1B15-4B07-AA5E-1B6F40CBDD08@cschubert.com> In-Reply-To: <13df3361-87b6-c6c1-e79d-2bbdd0146518@quip.cz> References: <13df3361-87b6-c6c1-e79d-2bbdd0146518@quip.cz>
next in thread | previous in thread | raw e-mail | index | archive | help
On March 9, 2020 4:23:10 AM PDT, Miroslav Lachman <000=2Efbsd@quip=2Ecz> wr= ote: >I don't know if FreeBSD is vulnerable or not=2E There are main Linux=20 >distros and NetBSD listed in the article=2E > >https://thehackernews=2Ecom/2020/03/ppp-daemon-vulnerability=2Ehtml > >The vulnerability, tracked as CVE-2020-8597 [1] with CVSS Score 9=2E8, >can=20 >be exploited by unauthenticated attackers to remotely execute arbitrary > >code on affected systems and take full control over them=2E > >[1] https://www=2Ekb=2Ecert=2Eorg/vuls/id/782301/ > >Kind regards >Miroslav Lachman >_______________________________________________ >freebsd-security@freebsd=2Eorg mailing list >https://lists=2Efreebsd=2Eorg/mailman/listinfo/freebsd-security >To unsubscribe, send any mail to >"freebsd-security-unsubscribe@freebsd=2Eorg" Probably not=2E Ours is a different codebase from NetBSD=2E I haven't look= ed at what Red Hat has, no comment about theirs=2E However it would be prud= ent to verify our pppd isn't also vulnerable=2E --=20 Pardon the typos and autocorrect, small keyboard in use=2E=20 Cy Schubert <Cy=2ESchubert@cschubert=2Ecom> FreeBSD UNIX: <cy@FreeBSD=2Eorg> Web: https://www=2EFreeBSD=2Eorg The need of the many outweighs the greed of the few=2E Sent from my Android device with K-9 Mail=2E Please excuse my brevity=2E
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5FD9E59C-1B15-4B07-AA5E-1B6F40CBDD08>