GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Sun Mar 15, 2020 6:26 am Post subject: [ glsa 202003-19 ] ppp |
 |
|
Gentoo Linux Security Advisory
Title: PPP: Buffer overflow (GLSA 202003-19)
Severity: high
Exploitable: remote
Date: 2020-03-15
Bug(s): #710308
ID: 202003-19
Synopsis
A buffer overflow in PPP might allow a remote attacker to execute
arbitrary code.
Background
PPP is a Unix implementation of the Point-to-Point Protocol.
Affected Packages
Package: net-dialup/ppp
Vulnerable: < 2.4.8
Unaffected: >= 2.4.8
Architectures: All supported architectures
Description
It was discovered that bounds check in PPP for the rhostname was
improperly constructed in the EAP request and response functions.
Impact
A remote attacker, by sending specially crafted authentication data,
could possibly execute arbitrary code with the privileges of the process
or cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All PPP users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-dialup/ppp-2.4.8"
|
References
CVE-2020-8597 |
|
News & Announcements
