Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:782301
HistoryMar 04, 2020 - 12:00 a.m.

pppd vulnerable to buffer overflow due to a flaw in EAP packet processing

2020-03-0400:00:00
www.kb.cert.org
90

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.211

Percentile

96.4%

JSON

Overview

pppd (Point to Point Protocol Daemon) versions 2.4.2 through 2.4.8 are vulnerable to buffer overflow due to a flaw in Extensible Authentication Protocol (EAP) packet processing in eap_request and eap_response subroutines.

Description

PPP is the protocol used for establishing internet links over dial-up modems, DSL connections, and many other types of point-to-point links including Virtual Private Networks (VPN) such as Point to Point Tunneling Protocol (PPTP). The pppd software can also authenticate a network connected peer and/or supply authentication information to the peer using multiple authentication protocols including EAP.

Due to a flaw in the Extensible Authentication Protocol (EAP) packet processing in the Point-to-Point Protocol Daemon (pppd), an unauthenticated remote attacker may be able to cause a stack buffer overflow, which may allow arbitrary code execution on the target system. This vulnerability is due to an error in validating the size of the input before copying the supplied data into memory. As the validation of the data size is incorrect, arbitrary data can be copied into memory and cause memory corruption possibly leading to execution of unwanted code.

The vulnerability is in the logic of the eap parsing code, specifically in the eap_request() and eap_response() functions in eap.c that are called by a network input handler. These functions take a pointer and length as input using the the first byte as a type. If the type is EAPT_MD5CHAP(4), it looks at an embedded 1-byte length field. The logic in this code is intended to makes sure that embedded length is smaller than the whole packet length. After this verification, it tries to copy provided data (hostname) that is located after the embedded length field into a local stack buffer. This bounds check is incorrect and allows for memory copy to happen with an arbitrary length of data.

An additional logic flaw causes the eap_input() function to not check if EAP has been negotiated during the Link Control Protocol (LCP) phase. This allows an unauthenticated attacker to send an EAP packet even if ppp refused the authentication negotiation due to lack of support for EAP or due to mismatch of an agreed pre-shared passphrase in the LCP phase. The vulnerable pppd code in eap_input will still process the EAP packet and trigger the stack buffer overflow. This unverified data with an unknown size can be used to corrupt memory of the target system. The pppd often runs with high privileges (system or root) and works in conjunction with kernel drivers. This makes it possible for an attacker to potentially execute arbitrary code with system or root level privileges.

The pppd software is also adopted into lwIP (lightweight IP) project to provide pppd capabilities for small devices. The default installer and packages of lwIP are not vulnerable to this buffer overflow. However if you have used the lwIP source code and configured specifically to enable EAP at compile time, your software is likely vulnerable to the buffer overflow. The recommended update is available from Git repoistory <http://git.savannah.nongnu.org/cgit/lwip.git&gt;.

This type of weakness is commonly associated in Common Weakness Enumeration (CWE) with CWE-120 Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’). A Proof-of-Concept exploit for PPTP VPN Servers with additional tools are available in the by CERT/CC PoC repository.

Impact

By sending an unsolicited EAP packet to a vulnerable ppp client or server, an unauthenticated remote attacker could cause memory corruption in the pppd process, which may allow for arbitrary code execution.

Solution

Apply updates

Update your software with the latest available patches provided by your software vendor. It is incorrect to assume that pppd is not vulnerable if EAP is not enabled or EAP has not been negotiated by a remote peer using a secret or passphrase. This is due to the fact that an authenticated attacker may still be able to send unsolicited EAP packet to trigger the buffer overflow.

If your software is packaged and created from the ppp source code, please obtain the latest software from github pppd repository.
<https://github.com/paulusmack/ppp&gt;
Patch referenced :
<https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426&gt;

In case of lwIP package that is compiled from source with EAP enabled at compile time, obtain the latest software from github
<http://git.savannah.nongnu.org/cgit/lwip.git&gt;
Patch referenced:
<http://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=2ee3cbe69c6d2805e64e7cac2a1c1706e49ffd86&gt;

Note: the latest software also includes ignoring out-of-order or unsolicited EAP packets from being processed as an additional precautionary measure. It is recommended that you use the latest available software from the appropriate Git repository that includes this fix.

Proof of Concept (PoC)

A proof-of-concept for testing if a PPTP server is vulnerable to cve-2020-8597 is available in the CERT/CC PoC respository

Detection Signature (IDS)

A Snort/Surricata IDS rule to detect cve-2020-8597 buffer overflow attempts against PPTP servers is also available in the CERT/CC PoC respository.

Workaround

There is no viable work around except to patch the software with updated software made available by the software vendors.

Acknowledgements

Thanks to Ilja Van Sprundel from IOActive for reporting this vulnerability.

This document was written by Vijay Sarvepalli.

Vendor Information

782301

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Amazon __ Affected

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Affected

Vendor Statement

Visit ALAS post https://alas.aws.amazon.com/AL2/ALAS-2020-1400.html for details of this vulnerability

References

CERT Addendum

Amazon Linux has adopted RedHat advisory and published their own updates. Please see Vendor URL section for details.

Arch Linux __ Affected

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Affected

Vendor Statement

We have not received a statement from the vendor.

References

CERT Addendum

ArchLinux has updated its advisory on March 7 2020,with ASA-202003-3 advisory with resolution statement"Upgrade to 2.4.7-7. #pacman -Syu"ppp>=2.4.7-7"The problem has been fixed upstream but no release is available yet."

CentOS __ Affected

Updated: 2020-06-19 CVE-2020-8597 Affected

Vendor Statement

We have not received a statement from the vendor.

References

CERT Addendum

2020-02-25 - Jaroslav Skarvada[email protected]- 2.4.5-34 - Fixed buffer overflow in the eap_request and eap_response functions Resolves:CVE-2020-8597 Centos 8: Update provided follow the Vendor URL for your architecture Centos 7: Update provided follow the Vendor URL for your version and architecture Centos 6: End of Life no updates available

Check Point __ Affected

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Affected

Vendor Statement

See Checkpoint security advisory sk165875 link in Vendor URL section.

References

Debian GNU/Linux __ Affected

Updated: 2020-06-19 CVE-2020-8597 Affected

Vendor Statement

Package:ppp Version:2.4.6-3.1+deb8u1 CVE ID:CVE-2020-8597 Debian Bug:950618 Ilja Van Sprundel discovered a buffer overflow vulnerability in ppp,the Point-to-Point Protocol daemon. When receiving an EAP Request message in client mode,an attacker was able to overflow the rhostname array by providing a very long name. This issue is also mitigated by Debian’s hardening build flags. For Debian 8"Jessie",this problem has been fixed in version 2.4.6-3.1+deb8u1. We recommend that you upgrade your ppp packages. Further information about Debian LTS security advisories,how to apply these updates to your system and frequently asked questions can be

References

CERT Addendum

Vendor bug report can be found in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950618

Fedora Project __ Affected

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Affected

Vendor Statement

We have not received a statement from the vendor.

References

CERT Addendum

Fedora Project has put out new software updates to address this issue on Fri,21 Feb 2020 16:44:33 UTC,please use the vendor’s URL’s to find the suitable update for your version of Fedora and your platform.

Google __ Affected

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Affected

Vendor Statement

We have not received a statement from the vendor.

References

CERT Addendum

Please see Google’s advisory that was recently published to acknowledge this issue.

NetBSD __ Affected

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Affected

Vendor Statement

We have not received a statement from the vendor.

References

CERT Addendum

NetBSD external ppp has been updated in the CVS repository. Users can set up pkg_admin to download the pkg-vulnerabilities file daily(URL in the Vendor URL section),and include a package audit in the daily security script. Details on this are located in the MESSAGE file for pkg_install.

OpenWRT __ Affected

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Affected

Vendor Statement

Security Advisory 2020-02-21-1 - ppp buffer overflow vulnerability(CVE-2020-8597)DESCRIPTION A remotely exploitable vulnerability was found in Point-to-Point Protocol Daemon(pppd),which has a significant potential impact due to the possibility of remote code execution prior to authentication. OpenWrt by default enables the_FORTIFY_SOURCE=1 compiler macro which introduces additional checks to detect buffer-overflows in the standard library functions,thus protecting the memcpy()abused in this overflow,preventing the actual buffer overflow and hence possible remote code execution by instead terminating the pppd daemon. Due to those defaults the impact of the issue was changed to a denial of service vulnerability,which is now also addressed by this fix. CVE-2020-8597 has been assigned to this issue,you can find the latest version of this advisory on our wiki. REQUIREMENTS In order to exploit this vulnerability,a malicious attacker would need to provide specially crafted EAP Request packet of type EAPT_MD5CHAP to ppp running in client mode and thus overflowing the rhostname string buffer by providing a very long hostname. MITIGATIONS To fix this issue,update the affected ppp package using the command below. opkg update; opkg upgrade pppThe fix is contained in the following and later versions: OpenWrt master:2020-02-20 reboot-12255-g215598fd0389 OpenWrt 19.07:2020-02-20 v19.07.1-17-g6b7eeb74dbf8 OpenWrt 18.06:2020-02-20 v18.06.7-6-gcc78f934a946 AFFECTED VERSIONS To our knowledge,OpenWrt versions 18.06.0 to 18.06.7 and versions 19.07.0 to 19.07.1 are affected. The fixed packages will be integrated in the upcoming OpenWrt 18.06.8 and OpenWrt 19.07.2 releases. Older versions of OpenWrt(e.g. OpenWrt 15.05 and LEDE 17.01)are end of life and not supported any more.

References

PePLink __ Affected

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Affected

Vendor Statement

We have not received a statement from the vendor.

References

Red Hat Inc. __ Affected

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Affected

Vendor Statement

The ppp packages distributed with Red Hat Enterprise Linux versions are compiled using gcc’s stack-protector feature. The"Stack Smashing Protection"may help mitigate code execution attacks for this flaw and limit its impact to crash only. This flaw only affects pppd servers and clients when EAP negotiation is used. pppd will refuse to do EAP negotiation unless it has an appropriate secret to use. The secret has to be added to/etc/ppp/chap-secrets. EAP can use CHAP or SRP as the underlying flavour of authentication,Red Hat packages are not compiled with SRP code.

References

CERT Addendum

Redhat has created a Bug ID 1800727 for this vulnerability. RedHat has put our updates for their supported platforms. The vendor URL section has links to these updates. It is assumed that EAP needs to be enabled for this vulnerability to be exposed. However this is not the case as shown by Ilja Van Spronkel that even if EAP is disabled,an unauthenticated and unsolicited EAP packet can be send to trigger this vulnerability.

SUSE Linux __ Affected

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Affected

Vendor Statement

We are indeed affected by this vulnerability in all our supported codestreams. However,this is mitigated by the FORTIFY_SOURCE overflow checking and also by the Stack Protector Overflow heuristic protection that our products ship. Updates are also on the way and we are going to release them within the next weeks. One can track the progress of the update along with all the affected software in our security page mentioned in the vendor URL section.

References

Sierra Wireless __ Affected

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Affected

Vendor Statement

We have published a security advisory for this issue. All new information will be updated on the advisory link below.

References

Slackware Linux Inc. __ Affected

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Affected

Vendor Statement

We have not received a statement from the vendor.

References

CERT Addendum

Vendor has released a security advisory Wed,4 Mar 2020 14:34:55 PST. Check to make sure you are subscribed to [email protected] and [email protected] is in your whitelist to receive slackware’s security advisories.

Synology __ Affected

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Affected

Vendor Statement

Synology confirms the following products are affected: - DiskStation Manager(DSM)- VisualStation VS960HD - Synology Router Manager(SRM)Synology has published a security advisory on 2020-03-06 10:40:29 UTC+8 at https://www.synology.com/security/advisory/Synology_SA_20_02

References

TP-LINK __ Affected

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Affected

Vendor Statement

We have published a security advisory for this issue(see link below in Vendor URLs section). And we are still working on this,and all new information will be updated on this advisory.

References

Ubiquiti Networks __ Affected

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Affected

Vendor Statement

We have not received a statement from the vendor.

References

CERT Addendum

Ubiquiti Networks has put out advisory using their community releases with an updated firmware to address this vulnerability. Please check the URL’s below for obtaining the right firmware to patch your systems.

Ubuntu __ Affected

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Affected

Vendor Statement

We have not received a statement from the vendor.

References

CERT Addendum

The ppp security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS The problem can be corrected by updating your system to the following package versions respectively: Ubuntu 19.10 ppp - 2.4.7-2+4.1ubuntu4.1 Ubuntu 18.04 LTS - ppp - 2.4.7-2+2ubuntu1.2 Ubuntu 16.04 LTS - ppp - 2.4.7-1+2ubuntu1.16.04.2 To update your system,use system package manager provided as part of Ubuntu…

Wind River __ Affected

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Affected

Vendor Statement

We have not received a statement from the vendor.

References

CERT Addendum

Wind River support and defects page provides way to search for products affected by this vulnerability. As of Feb 4 2020,the security updates pages shows this CVE is being addressed by Windriver. Please use this defects page to search for your product or search for the CVE-2020-8597 as"Keyword"to obtain the relevant software and firmware updates.

AVM GmbH __ Not Affected

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Not Affected

Vendor Statement

FRITZ!Box and other AVM products are not affected. AVM does not use the ppp implementation from the pppd project.

Actiontec __ Not Affected

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Not Affected

Vendor Statement

We are using an older version of pppd that does not use EAP and does not have this vulnerability.

Apple __ Not Affected

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Not Affected

Vendor Statement

We have not received a statement from the vendor.

CERT Addendum

Apple has a forked version of ppp that was modified years earlier. It shows not affected due to the source code changes.

Arista Networks Inc. __ Not Affected

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Not Affected

Vendor Statement

Arista products do not have any features using pppd,hence no Arista products are affected.

Brocade Communication Systems __ Not Affected

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Not Affected

Vendor Statement

No other Brocade Fibre Channel technology products from Broadcom are currently known to be affected by these vulnerabilities

CoreOS __ Not Affected

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Not Affected

Vendor Statement

CoreOS Container Linux does not ship pppd.

DrayTek Corporation __ Not Affected

Notified: 2020-02-13 Updated: 2020-06-19 CVE-2020-8597 Not Affected

Vendor Statement

Thank you for your request for Technical Support. EAP isn’t supported on 3900/2960/300B PPTP,so these should not be affected. The rest of the models are running in non-linux platform,the PPTP service isn’t using pppd either.

References

CERT Addendum

Updated information from Draytek March 6,2020 Draytek DSL models are running in our in-house OS,they won’t be affected by this vulnerability. Draytek also plans to add protection in the next firmware release to enhance the security for Vigor3900/2960,although EAP is not enabled or supported. Please check advisory URL mentioned below for updates.

Fortinet __ Not Affected

Notified: 2020-02-13 Updated: 2020-06-19 CVE-2020-8597 Not Affected

Vendor Statement

Fortinet FortiOS are not impacted by this vulnerability

FreeBSD Project __ Not Affected

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Not Affected

Vendor Statement

FreeBSD does not distribute pppd.

CERT Addendum

A review of the pppd source tree suggests that FreeBSD do not include pppd in the base system(removed in r190751 - ten years ago). The first pppd version that contained the vulnerability was 2.4.2,and FreeBSD has never shipped with that version.

HardenedBSD __ Not Affected

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Not Affected

Vendor Statement

HardenedBSD does not ship with this software in the base operating system.

Juniper Networks __ Not Affected

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Not Affected

Vendor Statement

Juniper is not impacted by this vulnerability

LANCOM Systems GmbH __ Not Affected

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Not Affected

Vendor Statement

LANCOM Systems products are not vulnerable to these vulnerabilities.

MikroTik __ Not Affected

Notified: 2020-02-13 Updated: 2020-06-19 CVE-2020-8597 Not Affected

Vendor Statement

The described issue is with EAP authentication,which RouterOS doesn’t support for PPP

OpenBSD Not Affected

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Not Affected

Vendor Statement

We have not received a statement from the vendor.

lwIP __ Not Affected

Notified: 2020-02-05 Updated: 2020-06-19 CVE-2020-8597 Not Affected

Vendor Statement

lwIP is a bit different than pppd,we added a lot of preprocessor directives to enable or disable features at compile time in order to reduce binary size output and EAP is disabled by default: http://git.savannah.nongnu.org/cgit/lwip.git/tree/src/include/netif/ppp/ppp_opts.h?id=d281d3e9592a3ca2ad0c3b7840f8036facc02f7b#n234 http://git.savannah.nongnu.org/cgit/lwip.git/tree/src/netif/ppp/eap.c?id=d2 81d3e9592a3ca2ad0c3b7840f8036facc02f7b#n46 That is,no product using lwIP were ever shipped with the EAP code compiled at all.

References

CERT Addendum

EAP was never used by any lwIP user. The lwIP PPP support is mostly used with cellular modems only as a framing protocol limited to the serial link between the MCU and the modem were security is less relevant because it is not authenticated anyway. The lwIP so far has had support for PAP,CHAP,MS-CHAP(tied to MPPE keys exchange),but EAP has never been enabled from compile time.

Cisco __ Unknown

Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

References

CERT Addendum

Cisco is investigating this issue and has assigned a bug ID CSCvs95534.

NetApp __ Unknown

Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

References

CERT Addendum

NetApp is investigating this issue and will continue to update this advisory as additional information becomes available. This advisory should be considered the single source of current,up-to-date,authorized and accurate information from NetApp. Advisory ID:NTAP-20200313-0004 Version:2.0 Last updated:03/16/2020 Status:Interim. CVEs:CVE-2020-8597.

A10 Networks Unknown

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

ACCESS Unknown

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

ADTRAN Unknown

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

ARRIS Unknown

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

ASUSTeK Computer Inc. Unknown

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

AT&T Unknown

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Alcatel-Lucent Enterprise Unknown

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Alpine Linux Unknown

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Aspera Inc. Unknown

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Avaya Inc. Unknown

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Belkin Inc. Unknown

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Buffalo Technology Unknown

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Comcast Unknown

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Cradlepoint Unknown

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

D-Link Systems Inc. Unknown

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Dell EMC Unknown

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

DesktopBSD Unknown

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Deutsche Telekom Unknown

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

DragonFly BSD Project Unknown

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Extreme Networks Unknown

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

F-Secure Corporation Unknown

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

F5 Networks Inc. Unknown

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Geexbox Unknown

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Gentoo Linux Unknown

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

HP Inc. Unknown

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Hewlett Packard Enterprise Unknown

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Hitachi Unknown

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Huawei Technologies Unknown

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

IBM Corporation Unknown

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Illumos Unknown

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Intel Unknown

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Joyent Unknown

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Lenovo Unknown

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Linksys Unknown

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Marconi Inc. Unknown

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Micro Focus Unknown

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Microsoft Unknown

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Mitel Networks Inc. Unknown

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Motorola Inc. Unknown

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

NEC Corporation Unknown

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Netgear Inc. Unknown

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Nexenta Unknown

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Nokia Unknown

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

OpenIndiana Unknown

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Openwall GNU/*/Linux Unknown

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Oracle Corporation Unknown

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

QNX Software Systems Inc. Unknown

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Quagga Unknown

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Quantenna Communications Unknown

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Ruckus Wireless Unknown

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

SMC Networks Inc. Unknown

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

SafeNet Unknown

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Sony Unknown

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

TDS Telecom Unknown

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Technicolor Unknown

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Tizen Unknown

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

TrueOS Unknown

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Turbolinux Unknown

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Unisys Corporation Unknown

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

XigmaNAS Unknown

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

Zyxel Unknown

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

dd-wrt Unknown

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

eero Unknown

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

m0n0wall Unknown

Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

pfSense Unknown

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

s2n Unknown

Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 Unknown

Vendor Statement

We have not received a statement from the vendor.

View all 102 vendors __View less vendors __

CVSS Metrics

Group Score Vector
Base 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C
Temporal 7.7 E:F/RL:OF/RC:C
Environmental 7.7 CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

Other Information

CVE IDs: CVE-2020-8597
Date Public: 2020-02-02 Date First Published:

Related

nessus 36
openvas 22
fedora 2
centos 2
mageia 1
cvelist 1
osv 6
openwrt 1
debian 3
redos 17
archlinux 1
ubuntu 2
almalinux 1
slackware 1
zdt 1
oraclelinux 3
prion 1
cbl_mariner 1
redhatcve 1
redhat 4
debiancve 1
nvd 1
ubuntucve 1
rocky 1
gentoo 1
amazon 2
githubexploit 1
checkpoint_security 1
attackerkb 1
suse 1
packetstorm 1
cve 1
veracode 1
ics 1
thn 1
alpinelinux 1
altlinux 1
f5 1
threatpost 1
nessus
nessus
EulerOS 2.0 SP8 : ppp (EulerOS-SA-2020-1294)
2020-03-23 00:00:00
RHEL 6 : ppp (RHSA-2020:0631)
2020-02-28 00:00:00
GLSA-202003-19 : PPP: Buffer overflow
2020-03-16 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4288-1)
2020-02-21 00:00:00
Slackware: Security Advisory (SSA:2020-064-01)
2022-04-21 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:0490-1)
2021-04-19 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: ppp-2.4.7-34.fc31
2020-03-11 22:47:00
[SECURITY] Fedora 30 Update: ppp-2.4.7-34.fc30
2020-03-08 00:08:43
centos
centos
ppp security update
2020-02-27 22:11:18
ppp security update
2020-02-27 22:14:32
mageia
mageia
Updated ppp packages fix security vulnerability
2020-03-13 00:47:01
cvelist
cvelist
CVE-2020-8597
2020-02-03 22:58:21
osv
osv
ppp - security update
2020-02-22 00:00:00
ppp-2.4.8-3.6 on GA media
2024-06-15 00:00:00
CVE-2020-8597
2020-02-03 23:15:11
openwrt
openwrt
Security Advisory 2020-02-21-1 - ppp buffer overflow vulnerability (CVE-2020-8597)
2020-02-21 00:00:00
debian
debian
[SECURITY] [DSA 4632-1] ppp security update
2020-02-22 11:38:48
[SECURITY] [DLA 2097-1] ppp security update
2020-02-09 18:15:31
[SECURITY] [DSA 4632-1] ppp security update
2020-02-22 11:38:48
redos
redos
ROS-2-807
2021-09-08 00:00:00
ROS-2-450
2024-03-13 00:00:00
ROS-2-643
2021-09-08 00:00:00
archlinux
archlinux
[ASA-202003-3] ppp: arbitrary code execution
2020-03-07 00:00:00
ubuntu
ubuntu
ppp vulnerability
2020-02-20 00:00:00
ppp vulnerability
2020-03-02 00:00:00
almalinux
almalinux
Important: ppp security update
2020-02-27 14:59:09
slackware
slackware
[slackware-security] ppp
2020-03-04 22:34:55
zdt
zdt
pppd 2.4.8 Buffer Overflow Exploit
2020-03-19 00:00:00
oraclelinux
oraclelinux
ppp security update
2020-02-27 00:00:00
ppp security update
2020-02-27 00:00:00
ppp security update
2020-02-27 00:00:00
prion
prion
Buffer overflow
2020-02-03 23:15:00
cbl_mariner
cbl_mariner
CVE-2020-8597 affecting package ppp for versions less than 2.4.7-36
2024-07-03 01:33:26
redhatcve
redhatcve
CVE-2020-8597
2020-04-08 22:01:55
redhat
redhat
(RHSA-2020:0630) Important: ppp security update
2020-02-27 14:07:48
(RHSA-2020:0633) Important: ppp security update
2020-02-27 14:59:09
(RHSA-2020:0631) Important: ppp security update
2020-02-27 14:09:14
debiancve
debiancve
CVE-2020-8597
2020-02-03 23:15:11
nvd
nvd
CVE-2020-8597
2020-02-03 23:15:11
ubuntucve
ubuntucve
CVE-2020-8597
2020-02-03 00:00:00
rocky
rocky
ppp security update
2020-02-27 14:59:09
gentoo
gentoo
PPP: Buffer overflow
2020-03-15 00:00:00
amazon
amazon
Important: ppp
2020-05-22 20:57:00
Important: ppp
2020-03-02 23:45:00
githubexploit
githubexploit
Exploit for Classic Buffer Overflow in Point-To-Point Protocol Project Point-To-Point Protocol
2020-05-12 15:55:08
checkpoint_security
checkpoint_security
Check Point Response to CVE-2020-8597 (PPP buffer overflow vulnerability)
2020-03-19 09:05:39
attackerkb
attackerkb
CVE-2020-8597 rhostname buffer overflow in pppd
2020-02-03 00:00:00
suse
suse
Security update for ppp (important)
2020-03-02 00:00:00
packetstorm
packetstorm
pppd 2.4.8 Buffer Overflow
2020-03-18 00:00:00
cve
cve
CVE-2020-8597
2020-02-03 23:15:11
veracode
veracode
Arbitrary Code Execution
2020-08-06 21:28:48
ics
ics
Siemens SCALANCE, RUGGEDCOM
2020-08-11 12:00:00
thn
thn
Critical PPP Daemon Flaw Opens Most Linux Systems to Remote Hackers
2020-03-05 17:30:00
alpinelinux
alpinelinux
CVE-2020-8597
2020-02-03 23:15:11
altlinux
altlinux
Security fix for the ALT Linux 9 package ppp version 2.4.7-alt6
2020-03-13 00:00:00
f5
f5
K73217235 : pppd vulnerability CVE-2020-8597
2020-03-10 00:00:00
threatpost
threatpost
Two Critical Android Bugs Open Door to RCE
2020-06-02 17:10:58

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.211

Percentile

96.4%

JSON
Related for VU:782301
nessus36openvas22fedora2centos2mageia1cvelist1osv6openwrt1debian3redos17archlinux1ubuntu2almalinux1slackware1zdt1oraclelinux3prion1cbl_mariner1redhatcve1redhat4debiancve1nvd1ubuntucve1rocky1gentoo1amazon2githubexploit1checkpoint_security1attackerkb1suse1packetstorm1cve1veracode1ics1thn1alpinelinux1altlinux1f51threatpost1