From owner-freebsd-isp Tue Jun 20 2:52:40 2000 Delivered-To: freebsd-isp@freebsd.org Received: from ady.warpnet.ro (ady.warpnet.ro [194.102.224.1]) by hub.freebsd.org (Postfix) with ESMTP id DA85537BD60; Tue, 20 Jun 2000 02:52:30 -0700 (PDT) (envelope-from ady@warpnet.ro) Received: from localhost (ady@localhost) by ady.warpnet.ro (8.9.3/8.9.3) with ESMTP id NAA02647; Tue, 20 Jun 2000 13:00:10 +0300 (EEST) (envelope-from ady@warpnet.ro) Date: Tue, 20 Jun 2000 13:00:10 +0300 (EEST) From: Adrian Penisoara To: freebsd-isp@FreeBSD.ORG Cc: freebsd-security@FreeBSD.ORG, tech@OpenBSD.org, Brian Somers Subject: ATTN: FIX for PPP with >9 tunnels / possible DoS Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, Whoever uses userland PPP with more than 9 tunnel devices compiled in kernel should be updating to the latest (post 2000/06/19) sources, a bug which was affecting route deletion handling has just been committed. What is it all about: at startup PPP was getting a wrong interface index number in the routing table and upon termination it was deleting routes for the wrong tunnel interface. Evil users may exploit this in that they can block those PPP links who use the first tunnel interfaces. For more detalis please chek out PR #19384 ( http://www.freebsd.org/cgi/query-pr.cgi?pr=19384 ); please do not use the patch suggested in the PR, better use the version committed in the CVS tree which is optimised. *All* FreeBSD branches are affected; the fix has been committed for 3-stable, 4-stable and 5-current branches. I CC'ed to OpenBSD's technical mailing lists because they are using the same source package and might be affected (?). Thanks, Adrian Penisoara Ady (@freebsd.ady.ro) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message