Bug 22319

Summary: Malicious remote user can cause ppp(8) to segfault
Product: Base System
Reporter: Przemyslaw Frasunek <venglin>
Component: bin
Assignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.1.1-STABLE   
Hardware: Any   
OS: Any   

Description Przemyslaw Frasunek 2000-10-26 21:50:01 UTC
	Look below.

Fix: 

Unknown.
How-To-Repeat: 
	riget:venglin:~> cat /dev/urandom | nc ext-fw.czuby.net 23 >& /dev/null
	[wait a few seconds]
	...
	pid 580 (ppp), uid 0: exited on signal 11 (core dumped)

	Sorry, I can't provide stack backtrace at this moment, I'm running
	PPP on a diskless machine.
Comment 1 Brian Somers freebsd_committer freebsd_triage 2000-11-01 00:19:38 UTC
State Changed
From-To: open->closed

I've just merged a fix for this (making fd_sets dynamic). 

Note: there are still DOS attacks possible in this respect.  There's 
no substitute for a well-configured firewall.
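
Added example, not part of the original report or of the ppp(8) source: Comment 1 names the fix only as "making fd_sets dynamic", so this C code shows that general technique, sizing the descriptor bitmap from the highest descriptor in use instead of FD_SETSIZE and bounds-checking every insert. The dyn_* names, and the premise that the crash came from a descriptor number beyond a fixed-size fd_set, are assumptions; the report does not show the patch.

```c
/* Added illustration: dynamically sized descriptor sets for select(2).
 * All names (dyn_fdset, dyn_*) are hypothetical, not taken from ppp(8). */
#include <limits.h>
#include <stdlib.h>
#include <sys/select.h>

#define WORD_BITS ((int)(sizeof(unsigned long) * CHAR_BIT))

typedef struct {
    unsigned long *bits;  /* same bitmap layout select() uses: bit n = fd n */
    int nfds;             /* highest descriptor the set can hold, plus one */
} dyn_fdset;

/* FD_SET(fd, &set) on a fixed fd_set writes past the array when
 * fd >= FD_SETSIZE; this is the check the fixed-size form needs. */
int fixed_fdset_can_hold(int fd) { return fd >= 0 && fd < FD_SETSIZE; }

/* Number of words needed to cover descriptors 0..maxfd. */
size_t dyn_words(int maxfd) { return (size_t)maxfd / WORD_BITS + 1; }

/* Allocate a zeroed set large enough for maxfd; returns 0 on success. */
int dyn_init(dyn_fdset *s, int maxfd) {
    if (maxfd < 0) return -1;
    s->bits = calloc(dyn_words(maxfd), sizeof(unsigned long));
    if (s->bits == NULL) return -1;
    s->nfds = maxfd + 1;
    return 0;
}

/* Bounds-checked replacement for FD_SET: refuses out-of-range fds. */
int dyn_set(dyn_fdset *s, int fd) {
    if (fd < 0 || fd >= s->nfds) return -1;
    s->bits[fd / WORD_BITS] |= 1UL << (fd % WORD_BITS);
    return 0;
}

int dyn_isset(const dyn_fdset *s, int fd) {
    if (fd < 0 || fd >= s->nfds) return 0;
    return (int)((s->bits[fd / WORD_BITS] >> (fd % WORD_BITS)) & 1UL);
}

/* Poll the set for readability without blocking; select() rewrites it. */
int dyn_poll_read(dyn_fdset *s) {
    struct timeval tv = {0, 0};
    return select(s->nfds, (fd_set *)(void *)s->bits, NULL, NULL, &tv);
}

void dyn_free(dyn_fdset *s) { free(s->bits); s->bits = NULL; s->nfds = 0; }
```

The set has to be re-sized (or rebuilt) whenever a new descriptor exceeds its current capacity, and per-process descriptor limits still bound how large it can grow.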