Monday, November 23, 19:09
Home security Critical vulnerability in ppp Daemon allows remote access to Linux systems

Critical vulnerability in ppp Daemon allows remote access to Linux systems

A critical buffer overflow vulnerability that allowed remote access users have access to systems Linux and root-level privileges, discovered in pppD (Daemon Protocol Point to Point).

PppD (Point to Point Daemon) is often used to manage network connections on Unix-based operating systems and is also used to manage broadband connections such as DSL, whether PPPoE or PPPoA is used.

One researcher discovered this crucial vulnerability located on the package processor of the Extensible Authentication Protocol (EAP) in the Point-to-Point Protocol Daemon (pppd).

A remote intruder may be able to cause buffer cache overflow, taking advantage of this vulnerability. It can allow attackers to carry out arbitrary executions code to the target system.

The vulnerability, discovered by Ilja Van Sprundel and named CVE-2020-8597, rated at 9,3 CVE. GBHackers has not found any code that has been exploited at this time for this vulnerability.

Here are the Linux distributions that confirmed this vulnerability running with pppd (Point to Point Daemon) in versions 2.4.2 to 2.4.8.

Debian GNU / Linux

Fedora Project

Red Hat

SUSE Linux

Ubuntu

The following vendors are also issuing an update,

Cisco

NetBSD

OpenWRT

Synology

TP-LINK

The buffer overflow vulnerability has affected several Linux distributions due to one error that cancels the size of the input before copying the data provided to μνήμη.

When validating the input size, if the data size is incorrect, it results in duplicate arbitrary data in memory and causes memory corruption that allows attackers to execute arbitrary code remotely.

Since the data not verified and size unknown, vulnerability destroys memory systemic destination.

PPP also runs at a high cost and works in conjunction with programs driver of the core, which allows attackers to gain privileges on a level root.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Absent Mia
Absent Miahttps://www.secnews.gr
Being your self, in a world that constantly tries to change you, is your greatest achievement

LIVE NEWS

Details of Spotify users were exposed by hackers

A hacking team has gained unauthorized access to 350.000 Spotify accounts on the music streaming service. To achieve this ...

Black Friday: Tips for Secure Online Shopping

Black Friday and Cyber ​​Monday are two of the busiest days for online shopping. And of course ...

Photoshop: How to restore the old mode of Free Transform

Adobe recently changed the way Free Transform works. But you can restore the old way of working ...
00:02:56

EU: Ready to end end-to-end encryption?

End-to-end encryption is a security tool used by various applications, including Facebook Messenger, WhatsApp and Signal, for further ...

How to disable the "welcome tips" after the Windows 10 update

Windows 10 after an update sometimes opens a window with tips to show you what's new for ...

The Windows 10 KB4586819 update fixes several issues

Microsoft has released the cumulative non-security update KB4586819 preview for Windows 10 versions 1809, 1903 and 1909, with various fixes ...

Drupal websites are vulnerable to double-extension attacks!

The team behind Drupal Content Management System (CMS) released some security updates this week to fix a critical ...

Face recognition can identify bears and cows

Face recognition can be used to identify various animals such as bears and cows!

Google Workspace: How it unlocked the subscription software market

In fact, Google has made it easier for smaller players. A startup that starts in 2020 ...

Black Friday with online offers in COSMOTE and GERMANO

Press Release: Black Friday with online offers at COSMOTE and GERMANO November 23, 2020