sppp -- buffer overflow vulnerability

Problem Description
While processing Link Control Protocol (LCP) configuration
options received from the remote host, sppp(4) fails to
correctly validate option lengths. This may result in data
being read or written beyond the allocated kernel memory
buffer.
Impact
An attacker able to send LCP packets, including the remote
end of a sppp(4) connection, can cause the FreeBSD kernel to
panic. Such an attacker may also be able to obtain
sensitive information or gain elevated privileges.
Workaround
No workaround is available, but systems which do not use sppp(4) are
not vulnerable.