10

CVE-2006-4304

EPSS 6.86%
Published 24.08.2006 01:04:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before 20060902 allows remote attackers to cause a denial of service (panic), obtain sensitive information, and possibly execute arbitrary code via crafted Link Control Protocol (LCP) packets with an option length that exceeds the overall length, which triggers the overflow in (1) pppoe and (2) ippp.  NOTE: this issue was originally incorrectly reported for the ppp driver.

Affected products Warnungen 0 Metrics 2 CWE 0 References 13

Data is provided by the National Vulnerability Database (NVD)

Freebsd ≫ Freebsd Version4.11

Freebsd ≫ Freebsd Version5.3

Freebsd ≫ Freebsd Version5.4

Freebsd ≫ Freebsd Version5.5

Freebsd ≫ Freebsd Version6.0

Freebsd ≫ Freebsd Version6.1

Netbsd ≫ Netbsd Version2.0

Netbsd ≫ Netbsd Version3.0

Netbsd ≫ Netbsd Version4.0

Openbsd ≫ Openbsd Version3.8

Openbsd ≫ Openbsd Version3.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	6.86%	0.91

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-019.txt.asc

http://secunia.com/advisories/21587

Patch

Vendor Advisory

http://secunia.com/advisories/21731

Patch

Vendor Advisory

http://security.FreeBSD.org/advisories/FreeBSD-SA-06:18.ppp.asc

Vendor Advisory

http://security.FreeBSD.org/patches/SA-06:18/ppp4x.patch

http://securitytracker.com/id?1016745

http://www.openbsd.org/errata.html#sppp

Patch

http://www.openbsd.org/errata38.html#sppp

Patch

http://www.securityfocus.com/bid/19684

https://exchange.xforce.ibmcloud.com/vulnerabilities/28562

https://nvd.nist.gov/vuln/detail/CVE-2006-4304

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-4304

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-4304

EUVD