Essential PPP Daemon Vulnerability Exposes Most Linux Systems to Remote Hacking

The United States-ECRT today released advisory warns users about a new dangerous remote code execution vulnerability of 17 years old, which affects the PPP daemon program (pppd) that has already been installed on almost all Linux-based operating systems.

 PPP is a Point-to-Point Protocol (PPP) application which enables communication, transmission and transmission of data between nodes, mainly for Internet connection, such as dial-up modems, DSL broadband connections and virtual private networks.

IOActive Security Researcher Ilja Van Sprundel has discovered that the key issue is a flaw in the pppd program stack buffer overflow due to a logical error in the extensible authentication protocol (EAP) packet parser

CVE-2020-8597 can be monitored with CVSS Score 9.8 to remotely execute arbitrary code on affected systems and take full control over it by unauthenticated attackers.

For this, a corrupted ppp client or server should only be able to send an unwanted malformed EAP packet.  However, because pppd also operates with high-privileges and kernel drivers, the bug can permit attackers to execute malicious code with machine or root-level privileges.

This flaw is caused by an error when validating the input size before memory copy of the given data. Because the data size validation is wrong, arbitrary data can be memory copied and memory corruption can result, potentially in unwanted code execution, according to the advisory.

According to the researcher, Daemon versions of Point-to-Point Protocol 2.4.2 to 2.4.8— all released during the last 17 years — are vulnerable to this new remote vulnerability to execute code.

Some of the popular Linux distributions that are commonly used and have been listed below are already verified and many other projects are also most likely affected.
°SUsU linux

It is recommended to introduce security patches for users of operating systems that are affected, Once become avaliable .
Previous Post Next Post