Security News > 2020 > March > Critical PPP Daemon Flaw Opens Most Linux Systems to Remote Hackers

Critical PPP Daemon Flaw Opens Most Linux Systems to Remote Hackers
2020-03-06 06:17

The US-CERT today issued advisory warning users of a new dangerous 17-year-old remote code execution vulnerability affecting the PPP daemon software that comes installed on almost all Linux based operating systems, as well as powers the firmware of many other networking devices.

Discovered by IOActive security researcher Ilja Van Sprundel, the critical issue is a stack buffer overflow vulnerability that exists due to a logical error in the Extensible Authentication Protocol packet parser of the pppd software, an extension that provides support for additional authentication methods in PPP connections.

The vulnerability, tracked as CVE-2020-8597 with CVSS Score 9.8, can be exploited by unauthenticated attackers to remotely execute arbitrary code on affected systems and take full control over them.

Since pppd often runs with high privileges and works in conjunction with kernel drivers, the flaw could allow attackers to potentially execute malicious code with the system or root-level privileges.

According to the researcher, Point-to-Point Protocol Daemon versions 2.4.2 through 2.4.8 - all versions released in the last 17 years - are vulnerable to this new remote code execution vulnerability.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/Kr-S8EKl2Lg/ppp-daemon-vulnerability.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-02-03 CVE-2020-8597 Classic Buffer Overflow vulnerability in multiple products
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.
network
low complexity
point-to-point-protocol-project wago debian canonical CWE-120
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 11 64 2337 1501 67 3969