Martin Husemann

**Name of the Vulnerable Software and Affected Versions** FreeBSD versions 4.11 through 6.1 NetBSD versions 2.0 through 4.0 beta before 20060823 OpenBSD versions 3.8 and 3.9 before 20060902 **Description** A buffer overflow issue exists in the sppp driver, allowing remote attackers to cause a denial of service, obtain sensitive information, and possibly execute arbitrary code via crafted Link Control Protocol packets. The overflow occurs when an option length exceeds the overall length in packets, affecting pppoe and ippp. **Recommendations** For FreeBSD versions 4.11 through 6.1, update to a version outside of this range to resolve the issue. For NetBSD versions 2.0 through 4.0 beta before 20060823, update to a version after 20060823 to resolve the issue. For OpenBSD versions 3.8 and 3.9 before 20060902, update to a version after 20060902 to resolve the issue.