----------------------------------------------------------------------

Want a new job?

http://secunia.com/secunia_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/

----------------------------------------------------------------------

TITLE:
NetBSD PPPoE Packet Processing Tag Length Vulnerability

SECUNIA ADVISORY ID:
SA31597

VERIFY ADVISORY:
http://secunia.com/advisories/31597/

CRITICAL:
Less critical

IMPACT:
DoS, System access

WHERE:
>From local network

OPERATING SYSTEM:
NetBSD 3.1
http://secunia.com/product/16089/

DESCRIPTION:
A vulnerability has been reported in NetBSD, which can be exploited
by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.

The vulnerability is caused due incorrect length check when
processing tags within a PPPoE packet. This can be exploited to e.g.
crash the kernel by sending a specially crafted PPPoE packet to a
vulnerable system.

Successful exploitation requires that a PPPoE interface has been
created (e.g. via ""ifconfig pppoe0 create") and the attacker can
send PPPoE packets to the affected system.

The vulnerability is reported in NetBSD version 3.0, 3.1, and 4.0.

SOLUTION:
Fixed in the CVS repository. See vendor advisory for details.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Yasuoka Masahiko, Internet Initiative Japan Inc

ORIGINAL ADVISORY:
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-010.txt.asc

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------