A new remote code execution vulnerability has been identified in the PPP daemon (pppd) software that ships with most Linux operating systems and is also used in other networking devices built on pppd. US-CERT announced this vulnerability today through its security advisory. Point-to-Point Protocol (PPP) facilitates communication and data transfer over internet links such as modems, broadband connections and VPNs. The vulnerability is tracked as CVE-2020-8597 and has been given a score of 9.8, which shows how critical the flaw is.
First discovered by Ilja Sprundel, the issue is a stack buffer overflow in the PPP daemon software. It exists because of a logical error in the software's Extensible Authentication Protocol (EAP) packet parser.
Attackers just need to send an unsolicited malformed EAP packet to a vulnerable PPP agent or server. Also, because pppd runs with escalated privileges and works together with kernel drivers, this vulnerability has the potential to let attackers take root-level control of the system.
Furthermore, the vulnerable code doesn’t validate the size of the input before processing the data supplied to it, so arbitrary data can be copied into memory and cause memory corruption, opening the door to execution of unwanted code. The vulnerability lies in the logic of the EAP parsing code, which is called by the network input handler.
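The missing size validation described above is the kind of check shown in the following added example. It is not pppd's code and not the upstream patch; the helper `eap_copy_name`, the struct, the error codes and the 255-byte buffer size are assumptions made for illustration, and only the 4-byte EAP header layout (Code, Identifier, 2-byte Length) comes from RFC 3748.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EAP_HDR_LEN  4     /* Code, Identifier, 2-byte Length (RFC 3748) */
#define NAME_MAX_LEN 255   /* assumed destination size for this example */

enum eap_err { EAP_OK = 0, EAP_TRUNCATED = -1, EAP_BAD_LENGTH = -2, EAP_TOO_LONG = -3 };

struct eap_name {
    uint8_t code, id, type;
    size_t  name_len;
    char    name[NAME_MAX_LEN + 1];
};

/* Hypothetical helper: parse one EAP Request/Response and copy its
 * type-data into a fixed buffer, checking every length before the copy. */
int eap_copy_name(const uint8_t *pkt, size_t rcvd, struct eap_name *out)
{
    if (rcvd < EAP_HDR_LEN + 1)              /* need header + Type byte */
        return EAP_TRUNCATED;

    size_t declared = ((size_t)pkt[2] << 8) | pkt[3];   /* big-endian */
    if (declared < EAP_HDR_LEN + 1 || declared > rcvd)
        return EAP_BAD_LENGTH;               /* field lies about the size */

    size_t data_len = declared - (EAP_HDR_LEN + 1);
    if (data_len > NAME_MAX_LEN)             /* would overflow: reject */
        return EAP_TOO_LONG;

    out->code = pkt[0];
    out->id   = pkt[1];
    out->type = pkt[4];
    memcpy(out->name, pkt + EAP_HDR_LEN + 1, data_len);
    out->name[data_len] = '\0';
    out->name_len = data_len;
    return EAP_OK;
}

int main(void)
{
    /* Constructed sample: Response (2), id 7, declares 200 bytes, 6 sent. */
    const uint8_t lie[] = {2, 7, 0, 200, 1, 'b'};
    struct eap_name n;
    printf("%d\n", eap_copy_name(lie, sizeof lie, &n));  /* prints -2 */
    return 0;
}
```

The copy length is derived only after the declared length has been checked against both the bytes actually received and the destination buffer, so an oversized or inconsistent packet is rejected rather than truncated or copied.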
Even if users disable EAP, or EAP has not been negotiated by a passphrase from a peer, attackers can still execute the attack by sending an unsolicited EAP packet to trigger the buffer overflow.
According to Sprundel, PPP daemon versions 2.4.2 through 2.4.8 are affected by this remote code execution vulnerability.
The affected operating systems are Debian, SUSE Linux, Ubuntu, Fedora, Red Hat Enterprise Linux, and NetBSD. The affected applications are TP-Link products, OpenWRT Embedded OS, Synology products, and Cisco CallManager. Users who are affected by this vulnerability are requested to update their operating systems and applications with the right security patches before attackers sneak in.
View Comments
Thanks for your marvelous posting! I definitely enjoyed reading it, you can be a
great author. I will make certain to bookmark your blog
and will often come back later in life.
I want to encourage you to continue your great work, have a nice evening!