Subject: kern/25099: pppoe(4) shouldn't expose authentication names to regular users
To: None <gnats-bugs@gnats.NetBSD.org>
From: Christian Biere <christianbiere@gmx.de>
List: netbsd-bugs
Date: 04/08/2004 08:46:33
>Number: 25099
>Category: kern
>Synopsis: pppoe(4) shouldn't expose authentication names to regular users
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Thu Apr 08 06:47:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator: Christian Biere
>Release: NetBSD 2.0B
>Organization:
>Environment:
System: NetBSD cyclonus 2.0B NetBSD 2.0B (STARSCREAM) #0: Mon Apr 5 04:06:21 CEST 2004 bin@cyclonus:/usr/obj/sys/arch/i386/compile/STARSCREAM i386
Architecture: i386
Machine: i386
>Description:
Every local user can see the myauthname and hisauthname settings for a pppoe
device using /sbin/pppoectl, which uses the ioctl(s, SPPPAUTHCFG, ...) to
get this information. Both could be misused for, e.g., a Denial-of-Service
attack because some ISPs lock the account after several failed connection
attempts. This could also be used to identify the user of a dial-in account.
Of course, this requires either a hostile user or a (partially) hacked
account. A regular user cannot start a PPPoE session, but a DoS is often possible
from a different machine since ISPs offer accounts that can be used from
anywhere.
>How-To-Repeat:
$ /sbin/pppoectl pppoe0
>Fix:
Require super-user privileges for the SPPPAUTHCFG ioctl().
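The following is an added illustration of the proposed fix, not code from the NetBSD kernel or from this PR: a small user-space model of an sppp ioctl dispatcher in which the request that returns myauthname/hisauthname is gated on the caller being the super-user (uid 0), while a non-sensitive request stays available to everyone. The request codes, the `caller` structure, the `spppauthcfg_model` layout and the sample account names are all constructed for the example and do not correspond to the real SPPPAUTHCFG definitions.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Illustrative model of the sppp authentication configuration. The
 * field names follow the PR (myauthname / hisauthname); the layout is
 * an assumption for this example, not the kernel's struct. */
#define AUTHNAMELEN 64
struct spppauthcfg_model {
    char myauthname[AUTHNAMELEN];   /* account name sent to the ISP */
    char hisauthname[AUTHNAMELEN];  /* name expected from the peer */
};

/* Hypothetical request codes standing in for the real ioctl numbers. */
enum { REQ_GETAUTHCFG = 1, REQ_GETSTATUS = 2 };

/* Caller credentials as the handler would see them. */
struct caller { uid_t uid; };

/* Constructed sample state standing in for the per-interface config. */
static const struct spppauthcfg_model iface_cfg = {
    "user@isp.example", "isp.example"
};
static const int iface_link_up = 1;

/* Model of the hardened ioctl handler. Returns 0 or an errno value.
 * Only the authentication-name request is restricted; link status
 * remains readable by any local user. */
int sppp_ioctl_model(const struct caller *c, int req, void *out, size_t outlen)
{
    switch (req) {
    case REQ_GETAUTHCFG:
        if (c->uid != 0)
            return EPERM;       /* the privilege check the Fix asks for */
        if (out == NULL || outlen < sizeof iface_cfg)
            return EINVAL;
        memcpy(out, &iface_cfg, sizeof iface_cfg);
        return 0;
    case REQ_GETSTATUS:
        if (out == NULL || outlen < sizeof iface_link_up)
            return EINVAL;
        memcpy(out, &iface_link_up, sizeof iface_link_up);
        return 0;
    default:
        return ENOTTY;
    }
}

/* Drive the model as a given uid and report the result code. */
int authcfg_result_for(uid_t uid)
{
    struct caller c = { uid };
    struct spppauthcfg_model buf;
    memset(&buf, 0, sizeof buf);
    return sppp_ioctl_model(&c, REQ_GETAUTHCFG, &buf, sizeof buf);
}

/* 1 if the caller actually received the account name, 0 otherwise. */
int authcfg_visible_to(uid_t uid)
{
    struct caller c = { uid };
    struct spppauthcfg_model buf;
    memset(&buf, 0, sizeof buf);
    if (sppp_ioctl_model(&c, REQ_GETAUTHCFG, &buf, sizeof buf) != 0)
        return 0;
    return buf.myauthname[0] != '\0';
}

/* Result code of the non-sensitive status request for a given uid. */
int status_result_for(uid_t uid)
{
    struct caller c = { uid };
    int up = 0;
    return sppp_ioctl_model(&c, REQ_GETSTATUS, &up, sizeof up);
}

int main(void)
{
    printf("uid 1000 SPPPAUTHCFG: errno %d, name visible: %d\n",
           authcfg_result_for(1000), authcfg_visible_to(1000));
    printf("uid 0    SPPPAUTHCFG: errno %d, name visible: %d\n",
           authcfg_result_for(0), authcfg_visible_to(0));
    printf("uid 1000 status request: errno %d\n", status_result_for(1000));
    return 0;
}
```

The check sits inside the dispatcher on the specific request, not at the device-open level, so tools like pppoectl keep working for unprivileged users for everything except the account names. An alternative with the same effect on exposure would be to return the structure with both name fields zeroed for non-root callers instead of failing with EPERM.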
>Release-Note:
>Audit-Trail:
>Unformatted: