VAR-202002-1458
Vulnerability from variot - Updated: 2025-12-22 22:25eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. pppd (Point to Point Protocol Daemon) versions 2.4.2 through 2.4.8 are vulnerable to buffer overflow due to a flaw in Extensible Authentication Protocol (EAP) packet processing in eap_request and eap_response subroutines. PPP is the protocol used for establishing internet links over dial-up modems, DSL connections, and many other types of point-to-point links including Virtual Private Networks (VPN) such as Point to Point Tunneling Protocol (PPTP). The pppd software can also authenticate a network connected peer and/or supply authentication information to the peer using multiple authentication protocols including EAP. Due to a flaw in the Extensible Authentication Protocol (EAP) packet processing in the Point-to-Point Protocol Daemon (pppd), an unauthenticated remote attacker may be able to cause a stack buffer overflow, which may allow arbitrary code execution on the target system. This vulnerability is due to an error in validating the size of the input before copying the supplied data into memory. As the validation of the data size is incorrect, arbitrary data can be copied into memory and cause memory corruption possibly leading to execution of unwanted code.The vulnerability is in the logic of the eap parsing code, specifically in the eap_request() and eap_response() functions in eap.c that are called by a network input handler. These functions take a pointer and length as input using the the first byte as a type. If the type is EAPT_MD5CHAP(4), it looks at an embedded 1-byte length field. The logic in this code is intended to makes sure that embedded length is smaller than the whole packet length. After this verification, it tries to copy provided data (hostname) that is located after the embedded length field into a local stack buffer. This bounds check is incorrect and allows for memory copy to happen with an arbitrary length of data. An additional logic flaw causes the eap_input() function to not check if EAP has been negotiated during the Link Control Protocol (LCP) phase. This allows an unauthenticated attacker to send an EAP packet even if ppp refused the authentication negotiation due to lack of support for EAP or due to mismatch of an agreed pre-shared passphrase in the LCP phase. The vulnerable pppd code in eap_input will still process the EAP packet and trigger the stack buffer overflow. This unverified data with an unknown size can be used to corrupt memory of the target system. The pppd often runs with high privileges (system or root) and works in conjunction with kernel drivers. This makes it possible for an attacker to potentially execute arbitrary code with system or root level privileges.The pppd software is also adopted into lwIP (lightweight IP) project to provide pppd capabilities for small devices. The default installer and packages of lwIP are not vulnerable to this buffer overflow. However if you have used the lwIP source code and configured specifically to enable EAP at compile time, your software is likely vulnerable to the buffer overflow. The recommended update is available from Git repoistory http://git.savannah.nongnu.org/cgit/lwip.git.This type of weakness is commonly associated in Common Weakness Enumeration (CWE) with CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'). A Proof-of-Concept exploit for PPTP VPN Servers with additional tools are available in the by CERT/CC PoC repository. By sending an unsolicited EAP packet to a vulnerable ppp client or server, an unauthenticated remote attacker could cause memory corruption in the pppd process, which may allow for arbitrary code execution. ppp Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state.
For the oldstable distribution (stretch), this problem has been fixed in version 2.4.7-1+4+deb9u1.
For the stable distribution (buster), this problem has been fixed in version 2.4.7-2+4.1+deb10u1.
For the detailed security status of ppp please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ppp
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl5REqZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SD8g/9Ff6xy7FrjoHactYr1UIlubUzQvHRkou9rNWjCpos0GlTaUtYY8GIEwyT GyngmqnOnghAHw+ZrvIvJbRDfLpSsa/5V6D6Fa3v9U0RXcHM71fnLqB4KOuH8c4l cdt2zJjtmnsJFsnla1HOIB46QEfN9rBKzi5uBVBPRejFcbpzq5U3wHtb4C8w7Q3v hlPK8GDppQcT2fA7Zl3MlRy3TkmpWjq3TT3E5vjnrh2TQ4ObnmeYOSCY0d/s7pM/ pQ3bFfNZhNiWievJgMyXRFjPf132d97w0MOzrR7tTzJJfBOk8ym+yhC6c6caXycg 9ml5B2BTHZvwSRiLCE9QOtjRDrlCe69j1FzCPNibkDnJXMo/qMUbpvk/iOC0945X /LGRgLySMufDsRF6bYc0TMpLc2S9WgTFIss7gGN6GgkuHqU95N7lwvf2WqrFYJeg JAP0X+1PQhfsq06IkG5tsnYm8Dc6au8mD/+u6ADY+jUV7cFHIlbgwm/ciFjYe1N7 VZwFKnKjuokH79A6S8TW+xvlqfH/20YTtMrrQX6fZd1gqWwWjBmAWY0fPGetiVl0 yCt9OiBZG3P2FqerAeUB2fRfRaFXBmTUzxQc00D5WlAOZ7qh+6/qyh04Re6jq4zI euFQYtUBSLJxB+ZK5DuFUbYQUXodIXHRaW3t/1ydru7W/3arZrI= =abUf -----END PGP SIGNATURE----- . ========================================================================= Ubuntu Security Notice USN-4288-2 March 02, 2020
ppp vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM
Summary:
ppp could be made to crash or run programs if it received specially crafted network traffic. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that ppp incorrectly handled certain rhostname values.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 ESM: ppp 2.4.5-5.1ubuntu2.3+esm1
Ubuntu 12.04 ESM: ppp 2.4.5-5ubuntu1.3
In general, a standard system update will make all the necessary changes. 6) - i386, x86_64
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: ppp security update Advisory ID: RHSA-2020:0630-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:0630 Issue date: 2020-02-27 CVE Names: CVE-2020-8597 =====================================================================
- Summary:
An update for ppp is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
The ppp packages contain the Point-to-Point Protocol (PPP) daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider (ISP) or other organization over a modem and phone line.
Security Fix(es):
- ppp: Buffer overflow in the eap_request and eap_response functions in eap.c (CVE-2020-8597)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: ppp-2.4.5-34.el7_7.src.rpm
x86_64: ppp-2.4.5-34.el7_7.x86_64.rpm ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: ppp-debuginfo-2.4.5-34.el7_7.i686.rpm ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm ppp-devel-2.4.5-34.el7_7.i686.rpm ppp-devel-2.4.5-34.el7_7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: ppp-2.4.5-34.el7_7.src.rpm
x86_64: ppp-2.4.5-34.el7_7.x86_64.rpm ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: ppp-debuginfo-2.4.5-34.el7_7.i686.rpm ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm ppp-devel-2.4.5-34.el7_7.i686.rpm ppp-devel-2.4.5-34.el7_7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: ppp-2.4.5-34.el7_7.src.rpm
ppc64: ppp-2.4.5-34.el7_7.ppc64.rpm ppp-debuginfo-2.4.5-34.el7_7.ppc64.rpm
ppc64le: ppp-2.4.5-34.el7_7.ppc64le.rpm ppp-debuginfo-2.4.5-34.el7_7.ppc64le.rpm
s390x: ppp-2.4.5-34.el7_7.s390x.rpm ppp-debuginfo-2.4.5-34.el7_7.s390x.rpm
x86_64: ppp-2.4.5-34.el7_7.x86_64.rpm ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: ppp-debuginfo-2.4.5-34.el7_7.ppc.rpm ppp-debuginfo-2.4.5-34.el7_7.ppc64.rpm ppp-devel-2.4.5-34.el7_7.ppc.rpm ppp-devel-2.4.5-34.el7_7.ppc64.rpm
ppc64le: ppp-debuginfo-2.4.5-34.el7_7.ppc64le.rpm ppp-devel-2.4.5-34.el7_7.ppc64le.rpm
s390x: ppp-debuginfo-2.4.5-34.el7_7.s390.rpm ppp-debuginfo-2.4.5-34.el7_7.s390x.rpm ppp-devel-2.4.5-34.el7_7.s390.rpm ppp-devel-2.4.5-34.el7_7.s390x.rpm
x86_64: ppp-debuginfo-2.4.5-34.el7_7.i686.rpm ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm ppp-devel-2.4.5-34.el7_7.i686.rpm ppp-devel-2.4.5-34.el7_7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: ppp-2.4.5-34.el7_7.src.rpm
x86_64: ppp-2.4.5-34.el7_7.x86_64.rpm ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: ppp-debuginfo-2.4.5-34.el7_7.i686.rpm ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm ppp-devel-2.4.5-34.el7_7.i686.rpm ppp-devel-2.4.5-34.el7_7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-8597 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXlfen9zjgjWX9erEAQj4VxAAhoolIsxKBSxXvlTM4FIBi2+s77BlOiby 1957YccCxFTvU0YP2LWqueepO/2Z9G/dBVGvej+JruD5Uc1qrIWyZNfnD9Y5CFw/ p1yTAKt0RM4XN9TeqXRn8ufYTMOU3hG1RIksbhKA1Wo8Xwf0BTj43BN9bv/7vHwj 2GQEfp37ARKvBjrQDCKh5Yhe5vtLYHbC4NOkvZwt3pFc5Je001RFGwk5/sN2Vtiz 91jazEJ9/duWvUn6O45vu1uTXRZnlPIQJmMtlD8+KbBVS4JK4oWoi9vyKM81y2AK JMlENiPstjEHOaIrdpd1nA1GWhPen4xNFMh1+4CGp7JfFPh8eUT59B8UDkBFdFzX tEyUqqb4xpNb+k2IMR50XZM9r5lGV8RQxex37EXOIyLzz4qSv6Anq/DcoP5cGbvu iLAtSMJZz2BMJZ0a8+Cg6ynxbip1SqsgcmjbDRK/Ccf0CICvlj6apineUL9vtvBL TVEQnlqXO70uYLG3xTTLWiXqVradqATKzbUuPzvgME7aHGIRWyek4JvwCuetzR1/ nyZts/ldBvmyob6KcUF7KejKUighqDwnoTmx6vWJlOT6DT3CZaS5tTvbZNd2kJk0 nTmV6AD+yNcnI53FSh6WHPutUq3yDCQTEPojhgl13aDVXyzeAMmuzSOjFGG/+/GO iXgkiSqdt/o= =Fzi6 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, ppc64le, s390x, x86_64
-
Gentoo Linux Security Advisory GLSA 202003-19
https://security.gentoo.org/
Severity: High Title: PPP: Buffer overflow Date: March 15, 2020 Bugs: #710308 ID: 202003-19
Synopsis
A buffer overflow in PPP might allow a remote attacker to execute arbitrary code.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-dialup/ppp < 2.4.8 >= 2.4.8
Description
It was discovered that bounds check in PPP for the rhostname was improperly constructed in the EAP request and response functions.
Workaround
There is no known workaround at this time.
Resolution
All PPP users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-dialup/ppp-2.4.8"
References
[ 1 ] CVE-2020-8597 https://nvd.nist.gov/vuln/detail/CVE-2020-8597
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202003-19
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-1458",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "point-to-point protocol",
"scope": "lte",
"trust": 1.0,
"vendor": "point to point protocol",
"version": "2.4.8"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "19.04"
},
{
"model": "point-to-point protocol",
"scope": "gte",
"trust": 1.0,
"vendor": "point to point protocol",
"version": "2.4.2"
},
{
"model": "pfc",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.04.10\\(16\\)"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "point-to-point protocol",
"scope": "eq",
"trust": 0.8,
"vendor": "point to point protocol",
"version": "2.4.2 \u304b\u3089 2.4.8"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001593"
},
{
"db": "NVD",
"id": "CVE-2020-8597"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:point-to-point_protocol_project:point-to-point_protocol",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001593"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Thanks to Ilja Van Sprundel from IOActive for reporting this vulnerability. This document was written by Vijay Sarvepalli. ",
"sources": [
{
"db": "CERT/CC",
"id": "VU#782301"
}
],
"trust": 0.8
},
"cve": "CVE-2020-8597",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-8597",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 9.3,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 7.7,
"exploitability": "FUNCTIONAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-8597",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "OFFICIAL FIX",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "NOT DEFINED",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-001593",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-8597",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-001593",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-8597",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2020-8597",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2020-8597",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-001593",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-029",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2020-8597",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#782301"
},
{
"db": "VULMON",
"id": "CVE-2020-8597"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-029"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001593"
},
{
"db": "NVD",
"id": "CVE-2020-8597"
},
{
"db": "NVD",
"id": "CVE-2020-8597"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. pppd (Point to Point Protocol Daemon) versions 2.4.2 through 2.4.8 are vulnerable to buffer overflow due to a flaw in Extensible Authentication Protocol (EAP) packet processing in eap_request and eap_response subroutines. PPP is the protocol used for establishing internet links over dial-up modems, DSL connections, and many other types of point-to-point links including Virtual Private Networks (VPN) such as Point to Point Tunneling Protocol (PPTP). The pppd software can also authenticate a network connected peer and/or supply authentication information to the peer using multiple authentication protocols including EAP. Due to a flaw in the Extensible Authentication Protocol (EAP) packet processing in the Point-to-Point Protocol Daemon (pppd), an unauthenticated remote attacker may be able to cause a stack buffer overflow, which may allow arbitrary code execution on the target system. This vulnerability is due to an error in validating the size of the input before copying the supplied data into memory. As the validation of the data size is incorrect, arbitrary data can be copied into memory and cause memory corruption possibly leading to execution of unwanted code.The vulnerability is in the logic of the eap parsing code, specifically in the eap_request() and eap_response() functions in eap.c that are called by a network input handler. These functions take a pointer and length as input using the the first byte as a type. If the type is EAPT_MD5CHAP(4), it looks at an embedded 1-byte length field. The logic in this code is intended to makes sure that embedded length is smaller than the whole packet length. After this verification, it tries to copy provided data (hostname) that is located after the embedded length field into a local stack buffer. This bounds check is incorrect and allows for memory copy to happen with an arbitrary length of data. An additional logic flaw causes the eap_input() function to not check if EAP has been negotiated during the Link Control Protocol (LCP) phase. This allows an unauthenticated attacker to send an EAP packet even if ppp refused the authentication negotiation due to lack of support for EAP or due to mismatch of an agreed pre-shared passphrase in the LCP phase. The vulnerable pppd code in eap_input will still process the EAP packet and trigger the stack buffer overflow. This unverified data with an unknown size can be used to corrupt memory of the target system. The pppd often runs with high privileges (system or root) and works in conjunction with kernel drivers. This makes it possible for an attacker to potentially execute arbitrary code with system or root level privileges.The pppd software is also adopted into lwIP (lightweight IP) project to provide pppd capabilities for small devices. The default installer and packages of lwIP are not vulnerable to this buffer overflow. However if you have used the lwIP source code and configured specifically to enable EAP at compile time, your software is likely vulnerable to the buffer overflow. The recommended update is available from Git repoistory http://git.savannah.nongnu.org/cgit/lwip.git.This type of weakness is commonly associated in Common Weakness Enumeration (CWE) with CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027). A Proof-of-Concept exploit for PPTP VPN Servers with additional tools are available in the by CERT/CC PoC repository. By sending an unsolicited EAP packet to a vulnerable ppp client or server, an unauthenticated remote attacker could cause memory corruption in the pppd process, which may allow for arbitrary code execution. ppp Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. \n\nFor the oldstable distribution (stretch), this problem has been fixed\nin version 2.4.7-1+4+deb9u1. \n\nFor the stable distribution (buster), this problem has been fixed in\nversion 2.4.7-2+4.1+deb10u1. \n\nFor the detailed security status of ppp please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/ppp\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl5REqZfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0SD8g/9Ff6xy7FrjoHactYr1UIlubUzQvHRkou9rNWjCpos0GlTaUtYY8GIEwyT\nGyngmqnOnghAHw+ZrvIvJbRDfLpSsa/5V6D6Fa3v9U0RXcHM71fnLqB4KOuH8c4l\ncdt2zJjtmnsJFsnla1HOIB46QEfN9rBKzi5uBVBPRejFcbpzq5U3wHtb4C8w7Q3v\nhlPK8GDppQcT2fA7Zl3MlRy3TkmpWjq3TT3E5vjnrh2TQ4ObnmeYOSCY0d/s7pM/\npQ3bFfNZhNiWievJgMyXRFjPf132d97w0MOzrR7tTzJJfBOk8ym+yhC6c6caXycg\n9ml5B2BTHZvwSRiLCE9QOtjRDrlCe69j1FzCPNibkDnJXMo/qMUbpvk/iOC0945X\n/LGRgLySMufDsRF6bYc0TMpLc2S9WgTFIss7gGN6GgkuHqU95N7lwvf2WqrFYJeg\nJAP0X+1PQhfsq06IkG5tsnYm8Dc6au8mD/+u6ADY+jUV7cFHIlbgwm/ciFjYe1N7\nVZwFKnKjuokH79A6S8TW+xvlqfH/20YTtMrrQX6fZd1gqWwWjBmAWY0fPGetiVl0\nyCt9OiBZG3P2FqerAeUB2fRfRaFXBmTUzxQc00D5WlAOZ7qh+6/qyh04Re6jq4zI\neuFQYtUBSLJxB+ZK5DuFUbYQUXodIXHRaW3t/1ydru7W/3arZrI=\n=abUf\n-----END PGP SIGNATURE-----\n. =========================================================================\nUbuntu Security Notice USN-4288-2\nMarch 02, 2020\n\nppp vulnerability\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 ESM\n- Ubuntu 12.04 ESM\n\nSummary:\n\nppp could be made to crash or run programs if it received specially crafted network traffic. This update provides\nthe corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. \n\nOriginal advisory details:\n\n It was discovered that ppp incorrectly handled certain rhostname values. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 ESM:\n ppp 2.4.5-5.1ubuntu2.3+esm1\n\nUbuntu 12.04 ESM:\n ppp 2.4.5-5ubuntu1.3\n\nIn general, a standard system update will make all the necessary changes. 6) - i386, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: ppp security update\nAdvisory ID: RHSA-2020:0630-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:0630\nIssue date: 2020-02-27\nCVE Names: CVE-2020-8597 \n=====================================================================\n\n1. Summary:\n\nAn update for ppp is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe ppp packages contain the Point-to-Point Protocol (PPP) daemon and\ndocumentation for PPP support. The PPP protocol provides a method for\ntransmitting datagrams over serial point-to-point links. PPP is usually\nused to dial in to an Internet Service Provider (ISP) or other organization\nover a modem and phone line. \n\nSecurity Fix(es):\n\n* ppp: Buffer overflow in the eap_request and eap_response functions in\neap.c (CVE-2020-8597)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nppp-2.4.5-34.el7_7.src.rpm\n\nx86_64:\nppp-2.4.5-34.el7_7.x86_64.rpm\nppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nppp-debuginfo-2.4.5-34.el7_7.i686.rpm\nppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm\nppp-devel-2.4.5-34.el7_7.i686.rpm\nppp-devel-2.4.5-34.el7_7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nppp-2.4.5-34.el7_7.src.rpm\n\nx86_64:\nppp-2.4.5-34.el7_7.x86_64.rpm\nppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nppp-debuginfo-2.4.5-34.el7_7.i686.rpm\nppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm\nppp-devel-2.4.5-34.el7_7.i686.rpm\nppp-devel-2.4.5-34.el7_7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nppp-2.4.5-34.el7_7.src.rpm\n\nppc64:\nppp-2.4.5-34.el7_7.ppc64.rpm\nppp-debuginfo-2.4.5-34.el7_7.ppc64.rpm\n\nppc64le:\nppp-2.4.5-34.el7_7.ppc64le.rpm\nppp-debuginfo-2.4.5-34.el7_7.ppc64le.rpm\n\ns390x:\nppp-2.4.5-34.el7_7.s390x.rpm\nppp-debuginfo-2.4.5-34.el7_7.s390x.rpm\n\nx86_64:\nppp-2.4.5-34.el7_7.x86_64.rpm\nppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nppp-debuginfo-2.4.5-34.el7_7.ppc.rpm\nppp-debuginfo-2.4.5-34.el7_7.ppc64.rpm\nppp-devel-2.4.5-34.el7_7.ppc.rpm\nppp-devel-2.4.5-34.el7_7.ppc64.rpm\n\nppc64le:\nppp-debuginfo-2.4.5-34.el7_7.ppc64le.rpm\nppp-devel-2.4.5-34.el7_7.ppc64le.rpm\n\ns390x:\nppp-debuginfo-2.4.5-34.el7_7.s390.rpm\nppp-debuginfo-2.4.5-34.el7_7.s390x.rpm\nppp-devel-2.4.5-34.el7_7.s390.rpm\nppp-devel-2.4.5-34.el7_7.s390x.rpm\n\nx86_64:\nppp-debuginfo-2.4.5-34.el7_7.i686.rpm\nppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm\nppp-devel-2.4.5-34.el7_7.i686.rpm\nppp-devel-2.4.5-34.el7_7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nppp-2.4.5-34.el7_7.src.rpm\n\nx86_64:\nppp-2.4.5-34.el7_7.x86_64.rpm\nppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nppp-debuginfo-2.4.5-34.el7_7.i686.rpm\nppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm\nppp-devel-2.4.5-34.el7_7.i686.rpm\nppp-devel-2.4.5-34.el7_7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-8597\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXlfen9zjgjWX9erEAQj4VxAAhoolIsxKBSxXvlTM4FIBi2+s77BlOiby\n1957YccCxFTvU0YP2LWqueepO/2Z9G/dBVGvej+JruD5Uc1qrIWyZNfnD9Y5CFw/\np1yTAKt0RM4XN9TeqXRn8ufYTMOU3hG1RIksbhKA1Wo8Xwf0BTj43BN9bv/7vHwj\n2GQEfp37ARKvBjrQDCKh5Yhe5vtLYHbC4NOkvZwt3pFc5Je001RFGwk5/sN2Vtiz\n91jazEJ9/duWvUn6O45vu1uTXRZnlPIQJmMtlD8+KbBVS4JK4oWoi9vyKM81y2AK\nJMlENiPstjEHOaIrdpd1nA1GWhPen4xNFMh1+4CGp7JfFPh8eUT59B8UDkBFdFzX\ntEyUqqb4xpNb+k2IMR50XZM9r5lGV8RQxex37EXOIyLzz4qSv6Anq/DcoP5cGbvu\niLAtSMJZz2BMJZ0a8+Cg6ynxbip1SqsgcmjbDRK/Ccf0CICvlj6apineUL9vtvBL\nTVEQnlqXO70uYLG3xTTLWiXqVradqATKzbUuPzvgME7aHGIRWyek4JvwCuetzR1/\nnyZts/ldBvmyob6KcUF7KejKUighqDwnoTmx6vWJlOT6DT3CZaS5tTvbZNd2kJk0\nnTmV6AD+yNcnI53FSh6WHPutUq3yDCQTEPojhgl13aDVXyzeAMmuzSOjFGG/+/GO\niXgkiSqdt/o=\n=Fzi6\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202003-19\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: PPP: Buffer overflow\n Date: March 15, 2020\n Bugs: #710308\n ID: 202003-19\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA buffer overflow in PPP might allow a remote attacker to execute\narbitrary code. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-dialup/ppp \u003c 2.4.8 \u003e= 2.4.8\n\nDescription\n===========\n\nIt was discovered that bounds check in PPP for the rhostname was\nimproperly constructed in the EAP request and response functions. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll PPP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-dialup/ppp-2.4.8\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-8597\n https://nvd.nist.gov/vuln/detail/CVE-2020-8597\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202003-19\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8597"
},
{
"db": "CERT/CC",
"id": "VU#782301"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001593"
},
{
"db": "VULMON",
"id": "CVE-2020-8597"
},
{
"db": "PACKETSTORM",
"id": "168774"
},
{
"db": "PACKETSTORM",
"id": "156597"
},
{
"db": "PACKETSTORM",
"id": "156561"
},
{
"db": "PACKETSTORM",
"id": "156549"
},
{
"db": "PACKETSTORM",
"id": "156559"
},
{
"db": "PACKETSTORM",
"id": "156554"
},
{
"db": "PACKETSTORM",
"id": "156739"
}
],
"trust": 3.06
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.kb.cert.org/vuls/id/782301",
"trust": 0.8,
"type": "unknown"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#782301"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-8597",
"trust": 4.0
},
{
"db": "CERT/CC",
"id": "VU#782301",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-20-224-04",
"trust": 2.4
},
{
"db": "PACKETSTORM",
"id": "156662",
"trust": 1.6
},
{
"db": "PACKETSTORM",
"id": "156802",
"trust": 1.6
},
{
"db": "SIEMENS",
"id": "SSA-809841",
"trust": 1.6
},
{
"db": "JVN",
"id": "JVNVU99700555",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU96514651",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001593",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "156739",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.0696",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0639",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0615",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0462",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2766",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0761",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0722",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1910",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "156458",
"trust": 0.6
},
{
"db": "CXSECURITY",
"id": "WLB-2020030097",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "46090",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202002-029",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-8597",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168774",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "156597",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "156561",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "156549",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "156559",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "156554",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#782301"
},
{
"db": "VULMON",
"id": "CVE-2020-8597"
},
{
"db": "PACKETSTORM",
"id": "168774"
},
{
"db": "PACKETSTORM",
"id": "156597"
},
{
"db": "PACKETSTORM",
"id": "156561"
},
{
"db": "PACKETSTORM",
"id": "156549"
},
{
"db": "PACKETSTORM",
"id": "156559"
},
{
"db": "PACKETSTORM",
"id": "156554"
},
{
"db": "PACKETSTORM",
"id": "156739"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-029"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001593"
},
{
"db": "NVD",
"id": "CVE-2020-8597"
}
]
},
"id": "VAR-202002-1458",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.8543956
},
"last_update_date": "2025-12-22T22:25:40.910000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "pppd: Fix bounds check in EAP code",
"trust": 0.8,
"url": "https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426"
},
{
"title": "ppp Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=111043"
},
{
"title": "Red Hat: Important: ppp security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200630 - Security Advisory"
},
{
"title": "Red Hat: Important: ppp security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200634 - Security Advisory"
},
{
"title": "Red Hat: Important: ppp security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200631 - Security Advisory"
},
{
"title": "Red Hat: Important: ppp security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200633 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: ppp vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4288-1"
},
{
"title": "Ubuntu Security Notice: ppp vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4288-2"
},
{
"title": "Debian CVElist Bug Report Logs: ppp: CVE-2020-8597: Fix bounds check in EAP code",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=a22a6da34189b0f5668819364fab3eb5"
},
{
"title": "Debian Security Advisories: DSA-4632-1 ppp -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=09892726301f394d4585b87fe5ae0272"
},
{
"title": "Amazon Linux AMI: ALAS-2020-1371",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2020-1371"
},
{
"title": "Amazon Linux 2: ALAS2-2020-1400",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2020-1400"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-8597 log"
},
{
"title": "Point-to-Point-Protocol-Daemon-RCE-Vulnerability-CVE-2020-8597-",
"trust": 0.1,
"url": "https://github.com/Dilan-Diaz/Point-to-Point-Protocol-Daemon-RCE-Vulnerability-CVE-2020-8597- "
},
{
"title": "Xiaomi Redmi Router AC2100",
"trust": 0.1,
"url": "https://github.com/Juanezm/openwrt-redmi-ac2100 "
},
{
"title": "CVE-2020-8597",
"trust": 0.1,
"url": "https://github.com/marcinguy/CVE-2020-8597 "
},
{
"title": "CVE-2020-8597",
"trust": 0.1,
"url": "https://github.com/WinMin/CVE-2020-8597 "
},
{
"title": "Xiaomi-RM2100-1.0.14-vs.-CVE-2020-8597\nadd howto:\nA quick http server for the current directory\nAnd in another window...\nStart pppoe-server in the foreground\nIn another window to trigger the exploit\nEnable uart and bootdelay, useful for testing or recovery if you have an uart adapter!\nSet kernel1 as the booting kernel\nCommit our nvram changes\nFlash the kernel\nFlash the rootfs and reboot",
"trust": 0.1,
"url": "https://github.com/syb999/pppd-cve "
},
{
"title": "Bulk Security Pull Request Generator",
"trust": 0.1,
"url": "https://github.com/JLLeitschuh/bulk-security-pr-generator "
},
{
"title": "Protocol-Vulnerability\nRelated Resources\nContributors",
"trust": 0.1,
"url": "https://github.com/WinMin/Protocol-Vul "
},
{
"title": "https://github.com/huike007/poc",
"trust": 0.1,
"url": "https://github.com/huike007/poc "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-8597"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-029"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001593"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 2.6
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#782301"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001593"
},
{
"db": "NVD",
"id": "CVE-2020-8597"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04"
},
{
"trust": 3.0,
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html"
},
{
"trust": 2.2,
"url": "http://packetstormsecurity.com/files/156802/pppd-2.4.8-buffer-overflow.html"
},
{
"trust": 2.2,
"url": "http://packetstormsecurity.com/files/156662/pppd-2.4.8-buffer-overflow.html"
},
{
"trust": 2.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8597"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2020:0631"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2020:0630"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2020:0633"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2020:0634"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202003-19"
},
{
"trust": 1.6,
"url": "https://github.com/paulusmack/ppp/commit/8d45443bb5c9372b4c6a362ba2f443d41c5636af"
},
{
"trust": 1.6,
"url": "https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426"
},
{
"trust": 1.6,
"url": "https://www.synology.com/security/advisory/synology_sa_20_02"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00006.html"
},
{
"trust": 1.6,
"url": "http://seclists.org/fulldisclosure/2020/mar/6"
},
{
"trust": 1.6,
"url": "https://kb.netgear.com/000061806/security-advisory-for-unauthenticated-remote-buffer-overflow-attack-in-pppd-on-wac510-psv-2020-0136"
},
{
"trust": 1.6,
"url": "https://security.netapp.com/advisory/ntap-20200313-0004/"
},
{
"trust": 1.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf"
},
{
"trust": 1.6,
"url": "https://usn.ubuntu.com/4288-2/"
},
{
"trust": 1.6,
"url": "https://usn.ubuntu.com/4288-1/"
},
{
"trust": 1.6,
"url": "https://www.debian.org/security/2020/dsa-4632"
},
{
"trust": 1.6,
"url": "https://www.kb.cert.org/vuls/id/782301"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2020-8597"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/unjnhwoo4xf73m2w56ilzuy4jqg3jxir/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/yofdaiowswpg732asyuzninmxdhy4ape/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8597 "
},
{
"trust": 0.8,
"url": "https://vulners.com/cve/cve-2020-8597"
},
{
"trust": 0.8,
"url": "http://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=2ee3cbe69c6d2805e64e7cac2a1c1706e49ffd86"
},
{
"trust": 0.8,
"url": "http://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=d281d3e9592a3ca2ad0c3b7840f8036facc02f7b"
},
{
"trust": 0.8,
"url": "https://github.com/certcc/poc-exploits/tree/master/cve-2020-8597-pptpd"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8597"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96514651/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99700555/"
},
{
"trust": 0.8,
"url": "https://kb.cert.org/vuls/id/782301/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/unjnhwoo4xf73m2w56ilzuy4jqg3jxir/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/yofdaiowswpg732asyuzninmxdhy4ape/"
},
{
"trust": 0.6,
"url": "https://source.android.com/security/bulletin/2020-06-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0639/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156739/gentoo-linux-security-advisory-202003-19.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0722/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0615/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0696/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0761/"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2020030097"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0462/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2766/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/46090"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/ppp-buffer-overflow-via-eap-request-31562"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1910/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156458/ubuntu-security-notice-usn-4288-1.html"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/ppp"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4288-1"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4288-2"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#782301"
},
{
"db": "PACKETSTORM",
"id": "168774"
},
{
"db": "PACKETSTORM",
"id": "156597"
},
{
"db": "PACKETSTORM",
"id": "156561"
},
{
"db": "PACKETSTORM",
"id": "156549"
},
{
"db": "PACKETSTORM",
"id": "156559"
},
{
"db": "PACKETSTORM",
"id": "156554"
},
{
"db": "PACKETSTORM",
"id": "156739"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-029"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001593"
},
{
"db": "NVD",
"id": "CVE-2020-8597"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#782301"
},
{
"db": "VULMON",
"id": "CVE-2020-8597"
},
{
"db": "PACKETSTORM",
"id": "168774"
},
{
"db": "PACKETSTORM",
"id": "156597"
},
{
"db": "PACKETSTORM",
"id": "156561"
},
{
"db": "PACKETSTORM",
"id": "156549"
},
{
"db": "PACKETSTORM",
"id": "156559"
},
{
"db": "PACKETSTORM",
"id": "156554"
},
{
"db": "PACKETSTORM",
"id": "156739"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-029"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001593"
},
{
"db": "NVD",
"id": "CVE-2020-8597"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-04T00:00:00",
"db": "CERT/CC",
"id": "VU#782301"
},
{
"date": "2020-02-03T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8597"
},
{
"date": "2020-02-28T20:12:00",
"db": "PACKETSTORM",
"id": "168774"
},
{
"date": "2020-03-02T20:48:57",
"db": "PACKETSTORM",
"id": "156597"
},
{
"date": "2020-02-27T15:59:22",
"db": "PACKETSTORM",
"id": "156561"
},
{
"date": "2020-02-27T14:02:22",
"db": "PACKETSTORM",
"id": "156549"
},
{
"date": "2020-02-27T15:44:44",
"db": "PACKETSTORM",
"id": "156559"
},
{
"date": "2020-02-27T17:02:22",
"db": "PACKETSTORM",
"id": "156554"
},
{
"date": "2020-03-15T14:00:00",
"db": "PACKETSTORM",
"id": "156739"
},
{
"date": "2020-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-029"
},
{
"date": "2020-02-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-001593"
},
{
"date": "2020-02-03T23:15:11.387000",
"db": "NVD",
"id": "CVE-2020-8597"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-15T00:00:00",
"db": "CERT/CC",
"id": "VU#782301"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8597"
},
{
"date": "2023-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-029"
},
{
"date": "2020-08-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-001593"
},
{
"date": "2025-12-03T16:15:54.430000",
"db": "NVD",
"id": "CVE-2020-8597"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "156597"
},
{
"db": "PACKETSTORM",
"id": "156739"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-029"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "pppd vulnerable to buffer overflow due to a flaw in EAP packet processing",
"sources": [
{
"db": "CERT/CC",
"id": "VU#782301"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-029"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.