Subject: kern/25099: pppoe(4) shouldn't expose authentication names to regular users
To: None <gnats-bugs@gnats.NetBSD.org>
From: Christian Biere <christianbiere@gmx.de>
List: netbsd-bugs
Date: 04/08/2004 08:46:33
>Number:         25099
>Category:       kern
>Synopsis:       pppoe(4) shouldn't expose authentication names to regular users
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Thu Apr 08 06:47:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     Christian Biere
>Release:        NetBSD 2.0B
>Organization:
>Environment:
System: NetBSD cyclonus 2.0B NetBSD 2.0B (STARSCREAM) #0: Mon Apr 5 04:06:21 CEST 2004 bin@cyclonus:/usr/obj/sys/arch/i386/compile/STARSCREAM i386
Architecture: i386
Machine: i386
>Description:

Every local user can see the myauthname and hisauthname settings of a pppoe
device using /sbin/pppoectl, which uses ioctl(s, SPPPAUTHCFG, ...) to
get this information. Both could be misused, e.g. for a denial-of-service
attack, because some ISPs lock the account after several failed connection
attempts. They could also be used to identify the user of a dial-in account.
Of course, this requires either a hostile user or a (partially) hacked
account. A regular user cannot start a PPPoE session, but a DoS is often
possible from a different machine, since ISPs offer accounts that can be used
from anywhere.

>How-To-Repeat:

$ /sbin/pppoectl pppoe0

>Fix:

Require super-user privileges for the SPPPAUTHCFG ioctl().
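As an added illustration of the proposed fix, the following user-space model
shows the shape of the check: the privilege test runs before any byte of the
authentication configuration is copied into the caller's buffer, so an
unprivileged query gets EPERM and an empty buffer, while a privileged one gets
the names. This is example code written for this report, not the NetBSD
kernel's sppp_params() or pppoectl's own source; struct model_sppp,
struct model_authcfg, MODEL_GETAUTHCFG/MODEL_SETAUTHCFG, model_is_superuser()
and model_authcfg_ioctl() are hypothetical stand-ins for struct sppp,
struct spppauthcfg, SPPPAUTHCFG and suser(), and the interface names used are
constructed sample data.

```c
/*
 * Hypothetical user-space model of the privilege check proposed in this PR.
 * Added illustration only: not code from the NetBSD kernel or from pppoectl.
 * All types, command numbers and helper names are simplified stand-ins.
 */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define AUTHNAMELEN 64

/* Stand-in for the per-interface authentication state kept by the kernel. */
struct model_sppp {
    char ifname[16];
    char myauthname[AUTHNAMELEN];   /* name sent to the peer (the ISP login) */
    char hisauthname[AUTHNAMELEN];  /* name expected from the peer */
};

/* Stand-in for the buffer an SPPPAUTHCFG-style ioctl fills for the caller. */
struct model_authcfg {
    char myname[AUTHNAMELEN];
    char hisname[AUTHNAMELEN];
};

enum model_cmd { MODEL_GETAUTHCFG = 1, MODEL_SETAUTHCFG = 2 };

/* Stand-in for the kernel's super-user test: only uid 0 passes. */
static int model_is_superuser(uid_t uid)
{
    return uid == 0;
}

/*
 * Model of the ioctl handler after the fix. Both the GET and the SET path
 * require super-user privileges. The check comes first, before anything is
 * copied towards the caller, so a rejected request never leaks partial data.
 */
int model_authcfg_ioctl(struct model_sppp *sp, uid_t uid, int cmd,
                        struct model_authcfg *cfg)
{
    if (!model_is_superuser(uid)) {
        /* Make sure nothing from the interface reaches an unprivileged caller. */
        memset(cfg, 0, sizeof(*cfg));
        return EPERM;
    }
    switch (cmd) {
    case MODEL_GETAUTHCFG:
        snprintf(cfg->myname, sizeof(cfg->myname), "%s", sp->myauthname);
        snprintf(cfg->hisname, sizeof(cfg->hisname), "%s", sp->hisauthname);
        return 0;
    case MODEL_SETAUTHCFG:
        snprintf(sp->myauthname, sizeof(sp->myauthname), "%s", cfg->myname);
        snprintf(sp->hisauthname, sizeof(sp->hisauthname), "%s", cfg->hisname);
        return 0;
    default:
        return EINVAL;
    }
}

/*
 * Exercise the handler as an unprivileged and as a privileged caller.
 * Returns 1 when the unprivileged query is refused with an empty buffer and
 * the privileged query returns the configured names, 0 otherwise.
 */
int model_demo(void)
{
    struct model_sppp sp;
    struct model_authcfg cfg;
    int rc_user, rc_root, leaked, ok;

    /* Constructed sample configuration for a pppoe0-style interface. */
    memset(&sp, 0, sizeof(sp));
    snprintf(sp.ifname, sizeof(sp.ifname), "pppoe0");
    snprintf(sp.myauthname, sizeof(sp.myauthname), "user1234@isp.example");
    snprintf(sp.hisauthname, sizeof(sp.hisauthname), "isp-access-server");

    memset(&cfg, 0xff, sizeof(cfg));   /* garbage, to prove it gets cleared */
    rc_user = model_authcfg_ioctl(&sp, 1000, MODEL_GETAUTHCFG, &cfg);
    leaked = (cfg.myname[0] != '\0') || (cfg.hisname[0] != '\0');

    rc_root = model_authcfg_ioctl(&sp, 0, MODEL_GETAUTHCFG, &cfg);
    ok = strcmp(cfg.myname, "user1234@isp.example") == 0 &&
         strcmp(cfg.hisname, "isp-access-server") == 0;

    printf("uid 1000: rc=%d (%s), leaked=%d\n", rc_user,
           rc_user == EPERM ? "EPERM" : "other", leaked);
    printf("uid 0:    rc=%d, myname=%s hisname=%s\n", rc_root,
           cfg.myname, cfg.hisname);

    return rc_user == EPERM && !leaked && rc_root == 0 && ok;
}

int main(void)
{
    return model_demo() ? 0 : 1;
}
```

The point to carry over into a real fix is the ordering: reject before
filling in the caller's structure, and apply the same rule to the GET path
that already applies to the SET path, since the names by themselves are
enough for the account lock-out described above.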
>Release-Note:
>Audit-Trail:
>Unformatted: