Description
Stack-based buffer overflow in the command_Expand_Interpret function in command.c in ppp (aka user-ppp), as distributed in FreeBSD 6.3 and 7.0, OpenBSD 4.1 and 4.2, and the net/userppp package for NetBSD, allows local users to gain privileges via long commands containing "~" characters.
Exploits (1)
References (9)
Core 9
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29238
Various Sources vendor-advisory
x_refsource_openbsd
http://www.openbsd.org/errata42.html#009_ppp
Exploit mailing-list
x_refsource_vuln-dev
http://www.securityfocus.com/archive/82/488980/30/0/threaded
Various Sources vendor-advisory
x_refsource_openbsd
http://www.openbsd.org/errata41.html#014_ppp
Exploit mailing-list
x_refsource_vuln-dev
http://www.securityfocus.com/archive/82/489031/30/0/threaded
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/28090
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41034
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29234
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29240
Scores
EPSS
0.0043
EPSS Percentile
62.6%
Details
CWE
CWE-264
Status
published
Products (5)
freebsd/freebsd
6.3
freebsd/freebsd
7.0
netbsd/netbsd
openbsd/openbsd
4.1
openbsd/openbsd
4.2
Published
Mar 09, 2008
Tracked Since
Feb 18, 2026