ALT-PU-2020-1444-1
Closed vulnerabilities
Published: 2020-03-16
BDU:2020-01026
Уязвимость функций eap_request и eap_response демона pppd протокола PPP (Point-to-Point Protocol), позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
Severity: HIGH (7.3)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
References:
Published: 2020-02-04
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-8597
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- openSUSE-SU-2020:0286
- openSUSE-SU-2020:0286
- http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html
- http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html
- http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html
- http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html
- 20200306 Buffer overflow in pppd - CVE-2020-8597
- 20200306 Buffer overflow in pppd - CVE-2020-8597
- RHSA-2020:0630
- RHSA-2020:0630
- RHSA-2020:0631
- RHSA-2020:0631
- RHSA-2020:0633
- RHSA-2020:0633
- RHSA-2020:0634
- RHSA-2020:0634
- https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf
- https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426
- https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426
- https://kb.netgear.com/000061806/Security-Advisory-for-Unauthenticated-Remote-Buffer-Overflow-Attack-in-PPPD-on-WAC510-PSV-2020-0136
- https://kb.netgear.com/000061806/Security-Advisory-for-Unauthenticated-Remote-Buffer-Overflow-Attack-in-PPPD-on-WAC510-PSV-2020-0136
- [debian-lts-announce] 20200209 [SECURITY] [DLA 2097-1] ppp security update
- [debian-lts-announce] 20200209 [SECURITY] [DLA 2097-1] ppp security update
- FEDORA-2020-571091c70b
- FEDORA-2020-571091c70b
- FEDORA-2020-4304397fe0
- FEDORA-2020-4304397fe0
- GLSA-202003-19
- GLSA-202003-19
- https://security.netapp.com/advisory/ntap-20200313-0004/
- https://security.netapp.com/advisory/ntap-20200313-0004/
- https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04
- https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04
- USN-4288-1
- USN-4288-1
- USN-4288-2
- USN-4288-2
- DSA-4632
- DSA-4632
- VU#782301
- VU#782301
- https://www.synology.com/security/advisory/Synology_SA_20_02
- https://www.synology.com/security/advisory/Synology_SA_20_02