Date: Tue, 10 Mar 2020 00:15:54 +0700 From: Eugene Grosbein <eugen@grosbein.net> To: Cy Schubert <Cy.Schubert@cschubert.com>, freebsd-security@freebsd.org, Miroslav Lachman <000.fbsd@quip.cz> Subject: Re: Critical PPP Daemon Flaw Message-ID: <efc25a68-9bfa-5838-eaef-a2f6a6817ac2@grosbein.net> In-Reply-To: <5FD9E59C-1B15-4B07-AA5E-1B6F40CBDD08@cschubert.com> References: <13df3361-87b6-c6c1-e79d-2bbdd0146518@quip.cz> <5FD9E59C-1B15-4B07-AA5E-1B6F40CBDD08@cschubert.com>
next in thread | previous in thread | raw e-mail | index | archive | help
09.03.2020 20:49, Cy Schubert wrote: > On March 9, 2020 4:23:10 AM PDT, Miroslav Lachman <000.fbsd@quip.cz> wrote: >> I don't know if FreeBSD is vulnerable or not. There are main Linux >> distros and NetBSD listed in the article. >> >> https://thehackernews.com/2020/03/ppp-daemon-vulnerability.html >> >> The vulnerability, tracked as CVE-2020-8597 [1] with CVSS Score 9.8, >> can >> be exploited by unauthenticated attackers to remotely execute arbitrary >> >> code on affected systems and take full control over them. >> >> [1] https://www.kb.cert.org/vuls/id/782301/ >> >> Kind regards >> Miroslav Lachman >> _______________________________________________ >> freebsd-security@freebsd.org mailing list >> https://lists.freebsd.org/mailman/listinfo/freebsd-security >> To unsubscribe, send any mail to >> "freebsd-security-unsubscribe@freebsd.org" > > Probably not. Ours is a different codebase from NetBSD. > I haven't looked at what Red Hat has, no comment about theirs. > However it would be prudent to verify our pppd isn't also vulnerable. We have not pppd at all, in any supported branch. We had pppd(8) and ppp(4) kernel driver used by pppd upto FreeBSD 7 and they did panic kernel if used with MPSAFE knob enabled, because ppp(4) was not mp-safe. Due to that reason (and nobody updated the driver), both of ppp(4) and pppd(8) were removed before 8.0-RELEASE. We have net/mpd5 daemon that can be used instead of pppd and mpd5 is not vulnerable due to its completely different code base including part parsing EAP messages. And, of course, we have ppp(8) "user-ppp" utility.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?efc25a68-9bfa-5838-eaef-a2f6a6817ac2>