CVE-2008-1215

Name of the Vulnerable Software and Affected Versions ppp versions in FreeBSD 6.3 and 7.0 ppp versions in OpenBSD 4.1 and 4.2 ppp in the net/userppp package for NetBSD

Description A stack-based buffer overflow issue exists in the command Expand Interpret function, allowing local users to gain privileges via long commands containing "~" characters.

Recommendations For ppp in FreeBSD 6.3 and 7.0, consider restricting access to the command Expand Interpret function until a patch is available. For ppp in OpenBSD 4.1 and 4.2, avoid using long commands containing "~" characters in the affected function. For ppp in the net/userppp package for NetBSD, restrict the use of the vulnerable command Expand Interpret function to minimize the risk of exploitation.