Bug 21592

Summary: insufficient PAP authentication in isp protocol stack
Product: Base System Reporter: dli <dli>
Component: kernAssignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Unspecified   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description dli 2000-09-27 10:20:01 UTC 
This flaw leads to a remote access exploit when the offending host 
gets initial access to the synchonoues ppp protocolstack
(possibly through a wildcard ISDN connect) and the channel is configured
to use pap authentication.

The authentication code does a short compare on the configured 
authname/authkey and the remotely supplied authname/authkey. 
In the extrem end you may connect without supplying authname 
and authkey.

Fix: ------------- cut here -------------------------------------------------
How-To-Repeat: The effect is easily demonstrated with a remote WinXXX 
system connecting over ISDN.
Comment 1 Joerg Wunsch freebsd_committer freebsd_triage 2001-03-25 10:53:15 UTC 
State Changed
From-To: open->closed

Fixed in rev 1.66 of if_spppsubr.c, thanks! 

(p.s.: Please don't cut&paste context diffs into an email, this 
makes them virtually useless by removing the TABs.)