FreeBSD-SA-06:08.ppp "Buffer overflow in sppp(4)"

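The FreeBSD Project has issued a security advisory. My understanding is summarized below.

  • Severity: low

The security advisory is available at ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:18.ppp.asc.
The following is an excerpt from the above security advisory and its translation. However, no guarantee is made as to its quality.

0. Revision History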

v1.0 2006-08-23
Initial release.
v1.1 2006-08-25
Corrected name of affected driver.

NOTE WELL
The original version of this advisory identified the affected driver as ppp(4). This is incorrect; the problem occurs in the sppp(4) driver instead.

I. Background
The sppp(4) driver implements the state machine and the Link Control Protocol (LCP) of the Point-to-Point Protocol (PPP) and is used in combination with underlying drivers which provide synchronous point-to-point connections. In particular, sppp(4) is commonly used with i4bisppp(4) and ng_sppp(4).

II. Problem Description
While processing Link Control Protocol (LCP) configuration options received from the remote host, sppp(4) fails to correctly validate option lengths. This may result in data being read or written beyond the allocated kernel memory buffer.

III. Impact
An attacker able to send LCP packets, including the remote end of a sppp(4) connection, can cause the FreeBSD kernel to panic. Such an attacker may also be able to obtain sensitive information or gain elevated privileges.

IV. Workaround
No workaround is available, but systems which do not use sppp(4) are not vulnerable.
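
As an added illustration of the option-length validation that section II says was missing (this is not FreeBSD's sppp(4) code or its patch), the sketch below walks an LCP option list and rejects malformed lengths before any option data is touched. It assumes the option layout from RFC 1661 (type byte, length byte that counts the 2-byte header, then data); the function names, error codes and sample bytes are hypothetical and constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

enum { LCP_TRUNCATED = -1, LCP_BAD_LENGTH = -2 };   /* hypothetical error codes */
typedef void (*lcp_opt_cb)(uint8_t type, const uint8_t *data, size_t n, void *ctx);

/* Walk the options in an LCP Configure packet body of len bytes.
 * Returns the number of well-formed options, or a negative code as soon
 * as an option's length field is inconsistent with the buffer. */
int lcp_walk_options(const uint8_t *buf, size_t len, lcp_opt_cb cb, void *ctx)
{
    size_t off = 0;
    int count = 0;

    while (off < len) {
        if (len - off < 2)              /* no room for the type/length header */
            return LCP_TRUNCATED;
        uint8_t type = buf[off], olen = buf[off + 1];
        if (olen < 2)                   /* loop would never advance; olen - 2 underflows */
            return LCP_BAD_LENGTH;
        if (olen > len - off)           /* option claims bytes past the buffer */
            return LCP_BAD_LENGTH;
        if (cb)
            cb(type, buf + off + 2, (size_t)olen - 2, ctx);
        off += olen;
        count++;
    }
    return count;
}

/* Consumer: accept MRU (type 1) only when its data is exactly 2 bytes,
 * so a peer-chosen length never drives a copy into a fixed-size field. */
struct lcp_seen { int have_mru; uint16_t mru; };
void note_option(uint8_t type, const uint8_t *data, size_t n, void *ctx)
{
    struct lcp_seen *s = ctx;
    if (type == 1 && n == 2) {
        s->have_mru = 1;
        s->mru = (uint16_t)(data[0] << 8 | data[1]);
    }
}

/* Constructed sample inputs (not captured traffic). */
const uint8_t sample_good[]      = {0x01, 0x04, 0x05, 0xDC, 0x05, 0x06, 0x11, 0x22, 0x33, 0x44};
const uint8_t sample_zero_len[]  = {0x01, 0x00};
const uint8_t sample_overlong[]  = {0x05, 0x06, 0x11, 0x22};
const uint8_t sample_truncated[] = {0x01};

int main(void)
{
    struct lcp_seen s = {0, 0};
    return lcp_walk_options(sample_good, sizeof sample_good, note_option, &s) == 2 ? 0 : 1;
}
```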