CVE-2006-4304

critical

Description

Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before 20060902 allows remote attackers to cause a denial of service (panic), obtain sensitive information, and possibly execute arbitrary code via crafted Link Control Protocol (LCP) packets with an option length that exceeds the overall length, which triggers the overflow in (1) pppoe and (2) ippp. NOTE: this issue was originally incorrectly reported for the ppp driver.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/28562

http://www.securityfocus.com/bid/19684

http://www.openbsd.org/errata38.html#sppp

http://www.openbsd.org/errata.html#sppp

http://securitytracker.com/id?1016745

http://security.FreeBSD.org/patches/SA-06:18/ppp4x.patch

http://security.FreeBSD.org/advisories/FreeBSD-SA-06:18.ppp.asc

http://secunia.com/advisories/21731

http://secunia.com/advisories/21587

Details

Source: Mitre, NVD

Published: 2006-08-24

Updated: 2026-04-16

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.05019