CVE-2020-8597
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
Public PoCs found: 6
github  github.com/winmin/CVE-2020-8597  ★ 47
github  github.com/lakwsh/CVE-2020-8597  ★ 6
github  github.com/dointisme/CVE-2020-8597  ★ 0
github  github.com/Dilan-Diaz/Point-to-Point-Protocol-Daemon-RCE-Vulnerability-CVE-2020-8597-  ★ 0
cve_reference  packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html  (unverified)
cve_reference  packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html  (unverified)
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00006.html
http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html
http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html
https://access.redhat.com/errata/RHSA-2020:0630
https://access.redhat.com/errata/RHSA-2020:0631
https://access.redhat.com/errata/RHSA-2020:0633
https://access.redhat.com/errata/RHSA-2020:0634
https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf
http://seclists.org/fulldisclosure/2020/Mar/6
https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426
https://kb.netgear.com/000061806/Security-Advisory-for-Unauthenticated-Remote-Buffer-Overflow-Attack-in-PPPD-on-WAC510-PSV-2020-0136
https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html