← voltar
CVE-2020-8597

CVE-2020-8597

CVSS 9.8 CRITICALEPSS 19.4%CWE-120
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
n/a · n/a
PoCs públicas encontradas6
githubgithub.com/winmin/CVE-2020-859747githubgithub.com/lakwsh/CVE-2020-85976githubgithub.com/dointisme/CVE-2020-85970githubgithub.com/Dilan-Diaz/Point-to-Point-Protocol-Daemon-RCE-Vulnerability-CVE-2020-8597-0cve_referencepacketstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.htmlnão verificadocve_referencepacketstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.htmlnão verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00006.htmlhttp://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.htmlhttp://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.htmlhttps://access.redhat.com/errata/RHSA-2020:0630https://access.redhat.com/errata/RHSA-2020:0631https://access.redhat.com/errata/RHSA-2020:0633https://access.redhat.com/errata/RHSA-2020:0634https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdfhttp://seclists.org/fulldisclosure/2020/Mar/6https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426https://kb.netgear.com/000061806/Security-Advisory-for-Unauthenticated-Remote-Buffer-Overflow-Attack-in-PPPD-on-WAC510-PSV-2020-0136https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html