CVE-2006-4304

Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before 20060902 allows remote attackers to cause a denial of service (panic), obtain sensitive information, and possibly execute arbitrary code via crafted Link Control Protocol (LCP) packets with an option length that exceeds the overall length, which triggers the overflow in (1) pppoe and (2) ippp. NOTE: this issue was originally incorrectly reported for the ppp driver.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://security.FreeBSD.org/advisories/FreeBSD-SA-06:18.ppp.asc	Vendor Advisory
http://security.FreeBSD.org/patches/SA-06:18/ppp4x.patch
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-019.txt.asc
http://www.securityfocus.com/bid/19684
http://securitytracker.com/id?1016745
http://secunia.com/advisories/21587	Patch Vendor Advisory
http://www.openbsd.org/errata.html#sppp	Patch
http://www.openbsd.org/errata38.html#sppp	Patch
http://secunia.com/advisories/21731	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/28562

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:freebsd:freebsd:4.11:::::::*
	cpe:2.3:o:netbsd:netbsd:3.0:::::::*
	cpe:2.3:o:netbsd:netbsd:4.0:::::::*
	cpe:2.3:o:freebsd:freebsd:5.5:::::::*
	cpe:2.3:o:freebsd:freebsd:6.0:::::::*
	cpe:2.3:o:freebsd:freebsd:5.3:::::::*
	cpe:2.3:o:freebsd:freebsd:5.4:::::::*
	cpe:2.3:o:openbsd:openbsd:3.8:::::::*
	cpe:2.3:o:openbsd:openbsd:3.9:::::::*
	cpe:2.3:o:freebsd:freebsd:6.1:::::::*
	cpe:2.3:o:netbsd:netbsd:2.0:::::::*

Information

Published : 2006-08-23 18:04

Updated : 2017-07-19 18:32

NVD link : CVE-2006-4304

Mitre link : CVE-2006-4304

JSON object : View

CWE

NVD-CWE-Other

Products Affected

openbsd

openbsd

freebsd

freebsd

netbsd

netbsd

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-06:18.ppp.asc", "name": "FreeBSD-SA-06:08", "tags": ["Vendor Advisory"], "refsource": "FREEBSD"}, {"url": "http://security.FreeBSD.org/patches/SA-06:18/ppp4x.patch", "name": "http://security.FreeBSD.org/patches/SA-06:18/ppp4x.patch", "tags": [], "refsource": "MISC"}, {"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-019.txt.asc", "name": "NetBSD-SA2006-019", "tags": [], "refsource": "NETBSD"}, {"url": "http://www.securityfocus.com/bid/19684", "name": "19684", "tags": [], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1016745", "name": "1016745", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/21587", "name": "21587", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.openbsd.org/errata.html#sppp", "name": "[3.9] 20060902 009: SECURITY FIX: September 2, 2006", "tags": ["Patch"], "refsource": "OPENBSD"}, {"url": "http://www.openbsd.org/errata38.html#sppp", "name": "[3.8] 20060902 014: SECURITY FIX: September 2, 2006", "tags": ["Patch"], "refsource": "OPENBSD"}, {"url": "http://secunia.com/advisories/21731", "name": "21731", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28562", "name": "sppp4-lcp-bo(28562)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before 20060902 allows remote attackers to cause a denial of service (panic), obtain sensitive information, and possibly execute arbitrary code via crafted Link Control Protocol (LCP) packets with an option length that exceeds the overall length, which triggers the overflow in (1) pppoe and (2) ippp. NOTE: this issue was originally incorrectly reported for the ppp driver."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-4304", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-08-24T01:04Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:openbsd:openbsd:3.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:openbsd:openbsd:3.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-20T01:32Z"}

10.0 /10