Hello guys,
The US-CERT has issued an advisory warning users of the new remote code execution (RCE) vulnerability CVE-2020-8597, affecting the PPPD (Point-to-Point Protocol Daemon) installed in almost all flavors of Linux based systems. Other than Linux systems, this vulnerability also affects few other networking applications and devices such as Cisco CallManager, TP-Link products, Synology, and OpenWRT Embedded OS.
The vulnerability
The vulnerability CVE-2020-8597 exists due to an error in the Extensible Authentication Protocol (EAP) packet parser of the pppd software. If exploited, it could be used by a threat actor to execute arbitrary codes on the affected machines and take full control of them. Since pppd often runs with high privileges along with kernel drivers, this vulnerability could allow attackers to gain system or root-level privileges.
Affected versions
Point-to-Point Protocol Daemon version 2.4.2 through 2.4.8 are vulnerable to this flaw. The vulnerability exploits the following Linux distributions as well
Debian
Ubuntu
SUSE Linux
Fedora
NetBSD
Red Hat Enterprise Linux
Patch this vulnerability with Patch Manager Plus
This is a highly critical vulnerability with a CVSS score of 9.8, so we urge users to patch it at the earliest. Search for the following Patch IDs or bulletin IDs, download and deploy the security patches.
Red Hat - https://access.redhat.com/security/cve/cve-2020-8597
RHSA-2020:0630 - 1076231, 1076232, 1076233
RHSA-2020:0631 - 1076234, 1076235, 1076236, 1076237
Debian - https://www.debian.org/security/2020/dsa-4632
Patch IDs - 802442, 802443, 802444, 802445
Bulletin ID - dsa-4632
Ubuntu - https://usn.ubuntu.com/4288-1/
Patch IDs - 717844, 717845, 717846, 717847, 717848, 717849
Bulletin ID - USN-4288-1
Cheers,