A 17-year-old critical remote code execution vulnerability affecting the PPP Daemon software exposes most Linux systems to hack.
The US-CERT issued a security advisory warning users of the RCE in the PPP daemon (pppd) software that is part of almost all Linux based operating systems.
The flaw, tracked as CVE-2020-8597, was discovered by the expert Ilja Van Sprundel from IOActive, it is a stack buffer overflow issue that is caused by a logical error in the Extensible Authentication Protocol (EAP) packet parser of the
The vulnerability can be exploited by remote attackers to execute arbitrary code on affected systems and take full control over them.
It could be exploited by sending an unsolicited malformed EAP packet to a vulnerable ppp client or a server.
The CVE-2020-8597 remote code execution issue received a CVSS Score 9.8, it affects PPP Daemon versions 2.4.2 through 2.4.8.
“This vulnerability is due to an error in validating the size of the input before copying the supplied data into memory. As the validation of the data size is incorrect, arbitrary data can be copied into memory and cause memory corruption possibly leading to execution of unwanted code.” reads the security advisory published by the expert.
“The vulnerability is in the logic of the
The expert pointed out that the
“It is incorrect to assume that
The vulnerability affects the most popular Linux distributions, below the associated advisories:
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.