| Vulnerability Name: | CVE-2006-4304 (CCN-28562) | ||||||||
| Assigned: | 2006-08-23 | ||||||||
| Published: | 2006-08-23 | ||||||||
| Updated: | 2017-07-20 | ||||||||
| Summary: | Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before 20060902 allows remote attackers to cause a denial of service (panic), obtain sensitive information, and possibly execute arbitrary code via crafted Link Control Protocol (LCP) packets with an option length that exceeds the overall length, which triggers the overflow in (1) pppoe and (2) ippp. Note: this issue was originally incorrectly reported for the ppp driver. | ||||||||
| CVSS v3 Severity: | 7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
| ||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||
| References: | Source: NETBSD Type: UNKNOWN NetBSD-SA2006-019 Source: MITRE Type: CNA CVE-2006-4304 Source: CCN Type: NetBSD-SA2006-019 Malicious PPP options can overrun a kernel buffer Source: CCN Type: SA21587 FreeBSD "sppp" Buffer Overflow Vulnerability Source: SECUNIA Type: Patch, Vendor Advisory 21587 Source: SECUNIA Type: Patch, Vendor Advisory 21731 Source: CCN Type: FreeBSD-SA-06:08.ppp Buffer overflow in ppp(4) Source: FREEBSD Type: Vendor Advisory FreeBSD-SA-06:08 Source: MISC Type: UNKNOWN http://security.FreeBSD.org/patches/SA-06:18/ppp4x.patch Source: CCN Type: SECTRACK ID: 1016745 BSD UNIX PPP LCP Options Length Buffer Overflow Lets Remote Users Deny Service Source: SECTRACK Type: UNKNOWN 1016745 Source: OPENBSD Type: Patch [3.9] 20060902 009: SECURITY FIX: September 2, 2006 Source: OPENBSD Type: Patch [3.8] 20060902 014: SECURITY FIX: September 2, 2006 Source: CCN Type: OSVDB ID: 28176 FreeBSD ppp LCP Packet Option Processing Remote Overflow Source: BID Type: UNKNOWN 19684 Source: CCN Type: BID-19684 NetBSD In-Kernel PPP Multiple Buffer Overflow Vulnerabilities Source: XF Type: UNKNOWN bsd-ppp-lcp-bo(28562) Source: XF Type: UNKNOWN sppp4-lcp-bo(28562) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||