Re: NetBSD Security Advisory 2008-010: Malicious PPPoE discovery packet can overrun a kernel buffer

To: NetBSD Security Officer <security-officer%NetBSD.org@localhost>
Subject: Re: NetBSD Security Advisory 2008-010: Malicious PPPoE discovery packet can overrun a kernel buffer
From: "Perry E. Metzger" <perry%piermont.com@localhost>
Date: Tue, 26 Aug 2008 10:47:42 -0400

NetBSD Security-Officer <security-officer%netbsd.org@localhost> writes:
> Solutions and Workarounds
> =========================
>
> The pseudo-device pppoe is present in GENERIC kernels.  The system must
> be configured with a pppoe(4) instance.
>
> For all NetBSD versions, you need to obtain fixed kernel sources,
> rebuild and install the new kernel, and reboot the system.

This text is ambiguous -- a naive reader might not understand that if
there are no pppoe instances the kernel cannot be attacked.


-- 
Perry E. Metzger                perry%piermont.com@localhost

Follow-Ups:
- Re: NetBSD Security Advisory 2008-010: Malicious PPPoE discovery packet can overrun a kernel buffer
  - From: Steven M. Bellovin

References:
- NetBSD Security Advisory 2008-010: Malicious PPPoE discovery packet can overrun a kernel buffer
  - From: NetBSD Security-Officer

Prev by Date: NetBSD Security Advisory 2008-010: Malicious PPPoE discovery packet can overrun a kernel buffer
Next by Date: Re: NetBSD Security Advisory 2008-010: Malicious PPPoE discovery packet can overrun a kernel buffer
Previous by Thread: NetBSD Security Advisory 2008-010: Malicious PPPoE discovery packet can overrun a kernel buffer
Next by Thread: Re: NetBSD Security Advisory 2008-010: Malicious PPPoE discovery packet can overrun a kernel buffer
Indexes:

Home | Main Index | Thread Index | Old Index