FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Multi-link PPP protocol daemon MPD5 remotely exploitable crash

Affected packages
mpd5 < 5.9

Details

VuXML ID cd97c7ca-f079-11ea-9c31-001b216d295b
Discovery 2020-09-04
Entry 2020-09-06
Modified 2020-09-07

Version 5.9 contains security fix for L2TP clients and servers. Insufficient validation of incoming L2TP control packet specially crafted by unauthenticated user might lead to unexpected termination of the process. The problem affects mpd versions since 4.0 that brought in initial support for L2TP. Installations not using L2TP clients nor L2TP server configuration were not affected.

References

CVE Name CVE-2020-7465
CVE Name CVE-2020-7466
URL http://mpd.sourceforge.net/doc5/mpd4.html#4

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.