PT-2008-2808 · Netbsd · Ppp

Published: 2008-03-09 · Updated: 2017-08-08 · CVE-2008-1215

CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions
ppp versions in FreeBSD 6.3 and 7.0
ppp versions in OpenBSD 4.1 and 4.2
ppp in the net/userppp package for NetBSD

Description
A stack-based buffer overflow exists in the command_Expand_Interpret function, allowing local users to gain privileges via long commands containing "~" characters.

Recommendations
For ppp in FreeBSD 6.3 and 7.0, consider restricting access to the command_Expand_Interpret function until a patch is available.
For ppp in OpenBSD 4.1 and 4.2, avoid using long commands containing "~" characters in the affected function.
For ppp in the net/userppp package for NetBSD, restrict the use of the vulnerable command_Expand_Interpret function to minimize the risk of exploitation.

Related Identifiers

CVE-2008-1215

Affected Products

Ppp