Critical PPP Daemon vulnerability opens up Linux systems to RCE attacks

Critical PPP Daemon vulnerability opens up Linux systems to RCE attacks

Hello guys,

 

The US-CERT has issued an advisory warning users of the new remote code execution (RCE) vulnerability CVE-2020-8597affecting the PPPD (Point-to-Point Protocol Daemon) installed in almost all flavors of Linux based systems. Other than Linux systems, this vulnerability also affects few other networking applications and devices such as Cisco CallManager, TP-Link products, Synology, and OpenWRT Embedded OS. 

 

The vulnerability

The vulnerability CVE-2020-8597 exists due to an error in the Extensible Authentication Protocol (EAP) packet parser of the pppd software. If exploited, it could be used by a threat actor to execute arbitrary codes on the affected machines and take full control of them. Since pppd often runs with high privileges along with kernel drivers, this vulnerability could allow attackers to gain system or root-level privileges. 

 

Affected versions 

Point-to-Point Protocol Daemon version 2.4.2 through 2.4.8 are vulnerable to this flaw. The vulnerability exploits the following Linux distributions as well

  • Debian

  • Ubuntu

  • SUSE Linux

  • Fedora

  • NetBSD

  • Red Hat Enterprise Linux

 

Patch this vulnerability with Patch Manager Plus

This is a highly critical vulnerability with a CVSS score of 9.8, so we urge users to patch it at the earliest. Search for the following Patch IDs or bulletin IDs, download and deploy the security patches.

 

Red Hat - https://access.redhat.com/security/cve/cve-2020-8597

  • RHSA-2020:0630 - 1076231, 1076232, 1076233

  • RHSA-2020:0631 - 1076234, 1076235, 1076236, 1076237

 

Debian - https://www.debian.org/security/2020/dsa-4632

  • Patch IDs - 802442, 802443, 802444, 802445

  • Bulletin ID - dsa-4632

 

Ubuntu - https://usn.ubuntu.com/4288-1/

  • Patch IDs - 717844, 717845, 717846, 717847, 717848, 717849

  • Bulletin ID - USN-4288-1

 

Cheers,

ManageEngine Team

                New to ADSelfService Plus?