tech-security archive


Re: NetBSD Security Advisory 2008-010: Malicious PPPoE discovery packet can overrun a kernel buffer



On Tue, 26 Aug 2008 10:47:42 -0400
"Perry E. Metzger" <perry%piermont.com@localhost> wrote:

> 
> NetBSD Security-Officer <security-officer%netbsd.org@localhost> writes:
> > Solutions and Workarounds
> > =========================
> >
> > The pseudo-device pppoe is present in GENERIC kernels.  The system
> > must be configured with a pppoe(4) instance.
> >
> > For all NetBSD versions, you need to obtain fixed kernel sources,
> > rebuild and install the new kernel, and reboot the system.
> 
> This text is ambiguous -- a naive reader might not understand that if
> there are no pppoe instances the kernel cannot be attacked.
> 
> 
Earlier in the advisory, though, it says this:

  The problematic code path is executed even without active pppoe(4)
  interfaces, as long as at least one has been created with "ifconfig
  pppoe0 create". No further configuration of the pppoe(4) interface is
  needed.

I agree that the wording in the section you cite could be improved, but
the essential information is pretty clear earlier on.  (In fact, once I
got to that section I didn't continue reading the rest...)


                --Steve Bellovin, http://www.cs.columbia.edu/~smb

