CVE-2020-8597

Published: 03/02/2020 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 670
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

eap.c in pppd in ppp 2.4.2 up to and including 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.

Vulnerable Product

point-to-point protocol project point-to-point protocol

wago pfc_firmware

debian debian linux 9.0

debian debian linux 10.0

canonical ubuntu linux 18.04

canonical ubuntu linux 19.04

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

canonical ubuntu linux 12.04

Vendor Advisories

Debian Bug report logs - #950618 ppp: CVE-2020-8597: Fix bounds check in EAP code. Package: src:ppp; Maintainer for src:ppp is Chris Boot <bootc@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 4 Feb 2020 09:45:01 UTC; Severity: important; Tags: security, upstream; Found in versions ppp/24 ...
Synopsis: Important: ppp security update. Type/Severity: Security Advisory: Important. Topic: An update for ppp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which g ...
Synopsis: Important: ppp security update. Type/Severity: Security Advisory: Important. Topic: An update for ppp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which g ...
Synopsis: Important: ppp security update. Type/Severity: Security Advisory: Important. Topic: An update for ppp is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which g ...
Synopsis: Important: ppp security update. Type/Severity: Security Advisory: Important. Topic: An update for ppp is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori ...
Ilja Van Sprundel reported a logic flaw in the Extensible Authentication Protocol (EAP) packet parser in the Point-to-Point Protocol Daemon (pppd). An unauthenticated attacker can take advantage of this flaw to trigger a stack-based buffer overflow, leading to denial of service (pppd daemon crash). For the oldstable distribution (stretch), this pro ...
ppp could be made to crash or run programs if it received specially crafted network traffic ...
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions (CVE-2020-8597) ...

Exploits

pppd versions 2.4.2 through 2.4.8 buffer overflow exploit ...

Mailing Lists

Full Disclosure mailing list archives: Buffer overflow in pppd - CVE-2020-8597. From: Marcin Kozlowski ...

Github Repositories

Generate thousands of pull requests to fix widespread security vulnerabilities across GitHub.

Bulk Security Pull Request Generator. Used to generate bulk pull requests (PRs) against projects to fix security vulnerabilities. These 'bulk fixes' are done as a part of the new GitHub Security Lab Bug Bounty Program. Data is sourced from queries on lgtm.com and used to create bulk pull-requests to fix these security vulnerabilities. Features: Built-in crash recovery

CVE-2020-8597

CVE-2020-8597: eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. If you manage to get "EAP: unauthenticated peer name" long enough, seems like my client limits it to 255, you can do Buffer Overflow. You still have to beat the Stack Canaries, so crash is the most possible. Ubuntu 16.04.6 LTS and poss

Point-to-Point-Protocol-Daemon-RCE-Vulnerability-CVE-2020-8597- Sri Lanka Institute of Information Technology Assignment 1 M P D M Dias IT19165530 MLB_WD_Y2S1_131 Point to Point Protocol Daemon RCE Vulnerability (CVE-2020-8597) Systems and

CVE-2020-8597 pppd buffer overflow poc

CVE-2020-8597: I use two virtual machines to test on the same computer. One as server and one as client, and they all use NAT for network connection. So they are all under the ens33 network card. Set up a pppoe-server: You can set up the service according to the following article: askubuntu.com/questions/934685/pppoe-server-on-ubuntu-14-04-not-working-peer-xxx-failed-chap

Xiaomi Redmi Router AC2100: The Xiaomi Redmi Router AC2100 is a wireless router based on the MT7621 platform. While it can be acquired for relatively low cost compared to other units with similar specifications, it requires a somewhat complex installation process in order to bypass a locked down stock firmware to install OpenWrt. Installation: Installation of OpenWrt on this devi

Xiaomi-RM2100-1014-vs-CVE-2020-8597. Specification: CPU: MediaTek MT7621A; RAM: 128 MB DDR3; FLASH: 128 MB ESMT NAND; WIFI: 2x2 802.11bgn (MT7603); WIFI: 4x4 802.11ac (MT7615); ETH: 3xLAN+1xWAN 1000base-T; LED: Power, WAN, in Amber and White; UART: On board near ethernet, opposite side from power. Modified u-boot Installation: Run linked exploit to get shell, startup telnet and wget

References

CWE-120
https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426
https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html
https://www.debian.org/security/2020/dsa-4632
https://access.redhat.com/errata/RHSA-2020:0631
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00006.html
https://access.redhat.com/errata/RHSA-2020:0633
https://access.redhat.com/errata/RHSA-2020:0634
https://access.redhat.com/errata/RHSA-2020:0630
https://usn.ubuntu.com/4288-1/
https://www.kb.cert.org/vuls/id/782301
http://seclists.org/fulldisclosure/2020/Mar/6
http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html
https://www.synology.com/security/advisory/Synology_SA_20_02
https://security.netapp.com/advisory/ntap-20200313-0004/
https://security.gentoo.org/glsa/202003-19
https://usn.ubuntu.com/4288-2/
http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html
https://kb.netgear.com/000061806/Security-Advisory-for-Unauthenticated-Remote-Buffer-Overflow-Attack-in-PPPD-on-WAC510-PSV-2020-0136
https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf
https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNJNHWOO4XF73M2W56ILZUY4JQG3JXIR/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOFDAIOWSWPG732ASYUZNINMXDHY4APE/
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950618
https://nvd.nist.gov