Bug#391289: kfreebsd-5: several security issues in freebsd
Justification: user security hole
Some security issues have been found in FreeBSD that probably affect
the Debian FreeBSD kernel:
Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD
2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before
20060902 allows remote attackers to cause a denial of service (panic),
obtain sensitive information, and possibly execute arbitrary code via
crafted Link Control Protocol (LCP) packets with an option length that
exceeds the overall length, which triggers the overflow in (1) pppoe
and (2) ippp. NOTE: this issue was originally incorrectly reported
for the ppp driver.
Integer signedness error in the i386_set_ldt call in FreeBSD 5.5, and
possibly earlier versions down to 5.2, allows local users to cause a
denial of service (crash) via unspecified arguments that use negative
signed integers to cause the bzero function to be called with a large
length parameter, a different vulnerability than CVE-2006-4172.
Integer overflow vulnerability in the i386_set_ldt call in FreeBSD
5.5, and possibly earlier versions down to 5.2, allows local users to
cause a denial of service (crash) and possibly execute arbitrary code
via unspecified vectors, a different vulnerability than CVE-2006-4178.