lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 17 Oct 2019 07:20:04 +0000
From: <>
To: <>
Subject: [FD] Information leakage found in FRITZ!OS 6.83 & 6.80 (AVM DSL
 Router Fritz!Box 7490) [DTC-A-20170323-001]

Deutsche Telekom CERT Advisory [DTC-A-20170323-001]



CVE-2017-8087: Information leakage found in FRITZ!OS 6.83 & 6.80 (AVM DSL
Router Fritz!Box 7490)



Update to the newest Version of FRITZ!OS



a) application

b) problem


d) detailed description

e) credits




a) FRITZ!OS 6.83 & 6.80 (AVM DSL Router Fritz!Box 7490)


b) Memory leakage within the PPPoE/PPP padding 


c) 4.7 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/RL:U



Multiple DSL access router (aka Homegateway / CPE) handle PPPoE frame
padding incorrectly.

Instead of padding frames with zeroes, frames are padded with random memory,
allowing an attacker (with physical access to wire between PPPoE endpoints)
to view slices of previously transmitted packets or portions of kernel

This seems to be similar to


AVM DSL Router Fritz!Box 7490 (tested with FRITZ!OS 6.83 & 6.80) sends
portion of memory within PPPoE Discovery protocol PADT frames because
arbitrary memory is used in the padding to reach the minimum Ethernet frame


Further research shows that “short” PPP LCP frames are also padded with
random memory.


e) Christian Kagerhuber 


Mit freundlichen Grüßen / Kind regards, 

Deutsche Telekom CERT



Telekom Security

Cyber Defense Reponse

E-Mail:  <>

cherheit/sicherheit/rfc-2350-deutsche-telekom-cert-342710> 0xA8FF58B4


You can find the compulsory statement on:


Download attachment "smime.p7s" of type "application/pkcs7-signature" (6112 bytes)

Sent through the Full Disclosure mailing list
Web Archives & RSS:

Powered by blists - more mailing lists