var-202002-1458
Vulnerability from variot
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. ppp Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ========================================================================= Ubuntu Security Notice USN-4288-2 March 02, 2020
ppp vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM
Summary:
ppp could be made to crash or run programs if it received specially crafted network traffic. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that ppp incorrectly handled certain rhostname values.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 ESM: ppp 2.4.5-5.1ubuntu2.3+esm1
Ubuntu 12.04 ESM: ppp 2.4.5-5ubuntu1.3
In general, a standard system update will make all the necessary changes. 6) - i386, x86_64
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: ppp security update Advisory ID: RHSA-2020:0630-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:0630 Issue date: 2020-02-27 CVE Names: CVE-2020-8597 =====================================================================
- Summary:
An update for ppp is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
The ppp packages contain the Point-to-Point Protocol (PPP) daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider (ISP) or other organization over a modem and phone line.
Security Fix(es):
- ppp: Buffer overflow in the eap_request and eap_response functions in eap.c (CVE-2020-8597)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: ppp-2.4.5-34.el7_7.src.rpm
x86_64: ppp-2.4.5-34.el7_7.x86_64.rpm ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: ppp-debuginfo-2.4.5-34.el7_7.i686.rpm ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm ppp-devel-2.4.5-34.el7_7.i686.rpm ppp-devel-2.4.5-34.el7_7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: ppp-2.4.5-34.el7_7.src.rpm
x86_64: ppp-2.4.5-34.el7_7.x86_64.rpm ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: ppp-debuginfo-2.4.5-34.el7_7.i686.rpm ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm ppp-devel-2.4.5-34.el7_7.i686.rpm ppp-devel-2.4.5-34.el7_7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: ppp-2.4.5-34.el7_7.src.rpm
ppc64: ppp-2.4.5-34.el7_7.ppc64.rpm ppp-debuginfo-2.4.5-34.el7_7.ppc64.rpm
ppc64le: ppp-2.4.5-34.el7_7.ppc64le.rpm ppp-debuginfo-2.4.5-34.el7_7.ppc64le.rpm
s390x: ppp-2.4.5-34.el7_7.s390x.rpm ppp-debuginfo-2.4.5-34.el7_7.s390x.rpm
x86_64: ppp-2.4.5-34.el7_7.x86_64.rpm ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: ppp-debuginfo-2.4.5-34.el7_7.ppc.rpm ppp-debuginfo-2.4.5-34.el7_7.ppc64.rpm ppp-devel-2.4.5-34.el7_7.ppc.rpm ppp-devel-2.4.5-34.el7_7.ppc64.rpm
ppc64le: ppp-debuginfo-2.4.5-34.el7_7.ppc64le.rpm ppp-devel-2.4.5-34.el7_7.ppc64le.rpm
s390x: ppp-debuginfo-2.4.5-34.el7_7.s390.rpm ppp-debuginfo-2.4.5-34.el7_7.s390x.rpm ppp-devel-2.4.5-34.el7_7.s390.rpm ppp-devel-2.4.5-34.el7_7.s390x.rpm
x86_64: ppp-debuginfo-2.4.5-34.el7_7.i686.rpm ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm ppp-devel-2.4.5-34.el7_7.i686.rpm ppp-devel-2.4.5-34.el7_7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: ppp-2.4.5-34.el7_7.src.rpm
x86_64: ppp-2.4.5-34.el7_7.x86_64.rpm ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: ppp-debuginfo-2.4.5-34.el7_7.i686.rpm ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm ppp-devel-2.4.5-34.el7_7.i686.rpm ppp-devel-2.4.5-34.el7_7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-8597 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXlfen9zjgjWX9erEAQj4VxAAhoolIsxKBSxXvlTM4FIBi2+s77BlOiby 1957YccCxFTvU0YP2LWqueepO/2Z9G/dBVGvej+JruD5Uc1qrIWyZNfnD9Y5CFw/ p1yTAKt0RM4XN9TeqXRn8ufYTMOU3hG1RIksbhKA1Wo8Xwf0BTj43BN9bv/7vHwj 2GQEfp37ARKvBjrQDCKh5Yhe5vtLYHbC4NOkvZwt3pFc5Je001RFGwk5/sN2Vtiz 91jazEJ9/duWvUn6O45vu1uTXRZnlPIQJmMtlD8+KbBVS4JK4oWoi9vyKM81y2AK JMlENiPstjEHOaIrdpd1nA1GWhPen4xNFMh1+4CGp7JfFPh8eUT59B8UDkBFdFzX tEyUqqb4xpNb+k2IMR50XZM9r5lGV8RQxex37EXOIyLzz4qSv6Anq/DcoP5cGbvu iLAtSMJZz2BMJZ0a8+Cg6ynxbip1SqsgcmjbDRK/Ccf0CICvlj6apineUL9vtvBL TVEQnlqXO70uYLG3xTTLWiXqVradqATKzbUuPzvgME7aHGIRWyek4JvwCuetzR1/ nyZts/ldBvmyob6KcUF7KejKUighqDwnoTmx6vWJlOT6DT3CZaS5tTvbZNd2kJk0 nTmV6AD+yNcnI53FSh6WHPutUq3yDCQTEPojhgl13aDVXyzeAMmuzSOjFGG/+/GO iXgkiSqdt/o= =Fzi6 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, ppc64le, s390x, x86_64
-
Gentoo Linux Security Advisory GLSA 202003-19
https://security.gentoo.org/
Severity: High Title: PPP: Buffer overflow Date: March 15, 2020 Bugs: #710308 ID: 202003-19
Synopsis
A buffer overflow in PPP might allow a remote attacker to execute arbitrary code.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-dialup/ppp < 2.4.8 >= 2.4.8
Description
It was discovered that bounds check in PPP for the rhostname was improperly constructed in the EAP request and response functions.
Impact
A remote attacker, by sending specially crafted authentication data, could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All PPP users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-dialup/ppp-2.4.8"
References
[ 1 ] CVE-2020-8597 https://nvd.nist.gov/vuln/detail/CVE-2020-8597
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202003-19
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 .
For the oldstable distribution (stretch), this problem has been fixed in version 2.4.7-1+4+deb9u1.
For the stable distribution (buster), this problem has been fixed in version 2.4.7-2+4.1+deb10u1.
For the detailed security status of ppp please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ppp
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl5REqZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SD8g/9Ff6xy7FrjoHactYr1UIlubUzQvHRkou9rNWjCpos0GlTaUtYY8GIEwyT GyngmqnOnghAHw+ZrvIvJbRDfLpSsa/5V6D6Fa3v9U0RXcHM71fnLqB4KOuH8c4l cdt2zJjtmnsJFsnla1HOIB46QEfN9rBKzi5uBVBPRejFcbpzq5U3wHtb4C8w7Q3v hlPK8GDppQcT2fA7Zl3MlRy3TkmpWjq3TT3E5vjnrh2TQ4ObnmeYOSCY0d/s7pM/ pQ3bFfNZhNiWievJgMyXRFjPf132d97w0MOzrR7tTzJJfBOk8ym+yhC6c6caXycg 9ml5B2BTHZvwSRiLCE9QOtjRDrlCe69j1FzCPNibkDnJXMo/qMUbpvk/iOC0945X /LGRgLySMufDsRF6bYc0TMpLc2S9WgTFIss7gGN6GgkuHqU95N7lwvf2WqrFYJeg JAP0X+1PQhfsq06IkG5tsnYm8Dc6au8mD/+u6ADY+jUV7cFHIlbgwm/ciFjYe1N7 VZwFKnKjuokH79A6S8TW+xvlqfH/20YTtMrrQX6fZd1gqWwWjBmAWY0fPGetiVl0 yCt9OiBZG3P2FqerAeUB2fRfRaFXBmTUzxQc00D5WlAOZ7qh+6/qyh04Re6jq4zI euFQYtUBSLJxB+ZK5DuFUbYQUXodIXHRaW3t/1ydru7W/3arZrI= =abUf -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-1458",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "pfc",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.04.10\\(16\\)"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "point-to-point protocol",
"scope": "lte",
"trust": 1.0,
"vendor": "point to point protocol",
"version": "2.4.8"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "19.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "point-to-point protocol",
"scope": "gte",
"trust": 1.0,
"vendor": "point to point protocol",
"version": "2.4.2"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "point-to-point protocol",
"scope": "eq",
"trust": 0.8,
"vendor": "point to point protocol",
"version": "2.4.2 \u304b\u3089 2.4.8"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001593"
},
{
"db": "NVD",
"id": "CVE-2020-8597"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:point-to-point_protocol_project:point-to-point_protocol:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.4.8",
"versionStartIncluding": "2.4.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "03.04.10\\(16\\)",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8597"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu, Ventsislav Varbanovski,Marcin Kozlowski,nu11secur1ty,Gentoo",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-029"
}
],
"trust": 0.6
},
"cve": "CVE-2020-8597",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-001593",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-8597",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-001593",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-8597",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2020-001593",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-029",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2020-8597",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-8597"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001593"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-029"
},
{
"db": "NVD",
"id": "CVE-2020-8597"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. ppp Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. =========================================================================\nUbuntu Security Notice USN-4288-2\nMarch 02, 2020\n\nppp vulnerability\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 ESM\n- Ubuntu 12.04 ESM\n\nSummary:\n\nppp could be made to crash or run programs if it received specially crafted network traffic. This update provides\nthe corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. \n\nOriginal advisory details:\n\n It was discovered that ppp incorrectly handled certain rhostname values. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 ESM:\n ppp 2.4.5-5.1ubuntu2.3+esm1\n\nUbuntu 12.04 ESM:\n ppp 2.4.5-5ubuntu1.3\n\nIn general, a standard system update will make all the necessary changes. 6) - i386, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: ppp security update\nAdvisory ID: RHSA-2020:0630-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:0630\nIssue date: 2020-02-27\nCVE Names: CVE-2020-8597 \n=====================================================================\n\n1. Summary:\n\nAn update for ppp is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe ppp packages contain the Point-to-Point Protocol (PPP) daemon and\ndocumentation for PPP support. The PPP protocol provides a method for\ntransmitting datagrams over serial point-to-point links. PPP is usually\nused to dial in to an Internet Service Provider (ISP) or other organization\nover a modem and phone line. \n\nSecurity Fix(es):\n\n* ppp: Buffer overflow in the eap_request and eap_response functions in\neap.c (CVE-2020-8597)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nppp-2.4.5-34.el7_7.src.rpm\n\nx86_64:\nppp-2.4.5-34.el7_7.x86_64.rpm\nppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nppp-debuginfo-2.4.5-34.el7_7.i686.rpm\nppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm\nppp-devel-2.4.5-34.el7_7.i686.rpm\nppp-devel-2.4.5-34.el7_7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nppp-2.4.5-34.el7_7.src.rpm\n\nx86_64:\nppp-2.4.5-34.el7_7.x86_64.rpm\nppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nppp-debuginfo-2.4.5-34.el7_7.i686.rpm\nppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm\nppp-devel-2.4.5-34.el7_7.i686.rpm\nppp-devel-2.4.5-34.el7_7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nppp-2.4.5-34.el7_7.src.rpm\n\nppc64:\nppp-2.4.5-34.el7_7.ppc64.rpm\nppp-debuginfo-2.4.5-34.el7_7.ppc64.rpm\n\nppc64le:\nppp-2.4.5-34.el7_7.ppc64le.rpm\nppp-debuginfo-2.4.5-34.el7_7.ppc64le.rpm\n\ns390x:\nppp-2.4.5-34.el7_7.s390x.rpm\nppp-debuginfo-2.4.5-34.el7_7.s390x.rpm\n\nx86_64:\nppp-2.4.5-34.el7_7.x86_64.rpm\nppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nppp-debuginfo-2.4.5-34.el7_7.ppc.rpm\nppp-debuginfo-2.4.5-34.el7_7.ppc64.rpm\nppp-devel-2.4.5-34.el7_7.ppc.rpm\nppp-devel-2.4.5-34.el7_7.ppc64.rpm\n\nppc64le:\nppp-debuginfo-2.4.5-34.el7_7.ppc64le.rpm\nppp-devel-2.4.5-34.el7_7.ppc64le.rpm\n\ns390x:\nppp-debuginfo-2.4.5-34.el7_7.s390.rpm\nppp-debuginfo-2.4.5-34.el7_7.s390x.rpm\nppp-devel-2.4.5-34.el7_7.s390.rpm\nppp-devel-2.4.5-34.el7_7.s390x.rpm\n\nx86_64:\nppp-debuginfo-2.4.5-34.el7_7.i686.rpm\nppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm\nppp-devel-2.4.5-34.el7_7.i686.rpm\nppp-devel-2.4.5-34.el7_7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nppp-2.4.5-34.el7_7.src.rpm\n\nx86_64:\nppp-2.4.5-34.el7_7.x86_64.rpm\nppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nppp-debuginfo-2.4.5-34.el7_7.i686.rpm\nppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm\nppp-devel-2.4.5-34.el7_7.i686.rpm\nppp-devel-2.4.5-34.el7_7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-8597\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXlfen9zjgjWX9erEAQj4VxAAhoolIsxKBSxXvlTM4FIBi2+s77BlOiby\n1957YccCxFTvU0YP2LWqueepO/2Z9G/dBVGvej+JruD5Uc1qrIWyZNfnD9Y5CFw/\np1yTAKt0RM4XN9TeqXRn8ufYTMOU3hG1RIksbhKA1Wo8Xwf0BTj43BN9bv/7vHwj\n2GQEfp37ARKvBjrQDCKh5Yhe5vtLYHbC4NOkvZwt3pFc5Je001RFGwk5/sN2Vtiz\n91jazEJ9/duWvUn6O45vu1uTXRZnlPIQJmMtlD8+KbBVS4JK4oWoi9vyKM81y2AK\nJMlENiPstjEHOaIrdpd1nA1GWhPen4xNFMh1+4CGp7JfFPh8eUT59B8UDkBFdFzX\ntEyUqqb4xpNb+k2IMR50XZM9r5lGV8RQxex37EXOIyLzz4qSv6Anq/DcoP5cGbvu\niLAtSMJZz2BMJZ0a8+Cg6ynxbip1SqsgcmjbDRK/Ccf0CICvlj6apineUL9vtvBL\nTVEQnlqXO70uYLG3xTTLWiXqVradqATKzbUuPzvgME7aHGIRWyek4JvwCuetzR1/\nnyZts/ldBvmyob6KcUF7KejKUighqDwnoTmx6vWJlOT6DT3CZaS5tTvbZNd2kJk0\nnTmV6AD+yNcnI53FSh6WHPutUq3yDCQTEPojhgl13aDVXyzeAMmuzSOjFGG/+/GO\niXgkiSqdt/o=\n=Fzi6\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202003-19\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: PPP: Buffer overflow\n Date: March 15, 2020\n Bugs: #710308\n ID: 202003-19\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA buffer overflow in PPP might allow a remote attacker to execute\narbitrary code. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-dialup/ppp \u003c 2.4.8 \u003e= 2.4.8\n\nDescription\n===========\n\nIt was discovered that bounds check in PPP for the rhostname was\nimproperly constructed in the EAP request and response functions. \n\nImpact\n======\n\nA remote attacker, by sending specially crafted authentication data,\ncould possibly execute arbitrary code with the privileges of the\nprocess or cause a Denial of Service condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll PPP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-dialup/ppp-2.4.8\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-8597\n https://nvd.nist.gov/vuln/detail/CVE-2020-8597\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202003-19\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \n\nFor the oldstable distribution (stretch), this problem has been fixed\nin version 2.4.7-1+4+deb9u1. \n\nFor the stable distribution (buster), this problem has been fixed in\nversion 2.4.7-2+4.1+deb10u1. \n\nFor the detailed security status of ppp please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/ppp\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl5REqZfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0SD8g/9Ff6xy7FrjoHactYr1UIlubUzQvHRkou9rNWjCpos0GlTaUtYY8GIEwyT\nGyngmqnOnghAHw+ZrvIvJbRDfLpSsa/5V6D6Fa3v9U0RXcHM71fnLqB4KOuH8c4l\ncdt2zJjtmnsJFsnla1HOIB46QEfN9rBKzi5uBVBPRejFcbpzq5U3wHtb4C8w7Q3v\nhlPK8GDppQcT2fA7Zl3MlRy3TkmpWjq3TT3E5vjnrh2TQ4ObnmeYOSCY0d/s7pM/\npQ3bFfNZhNiWievJgMyXRFjPf132d97w0MOzrR7tTzJJfBOk8ym+yhC6c6caXycg\n9ml5B2BTHZvwSRiLCE9QOtjRDrlCe69j1FzCPNibkDnJXMo/qMUbpvk/iOC0945X\n/LGRgLySMufDsRF6bYc0TMpLc2S9WgTFIss7gGN6GgkuHqU95N7lwvf2WqrFYJeg\nJAP0X+1PQhfsq06IkG5tsnYm8Dc6au8mD/+u6ADY+jUV7cFHIlbgwm/ciFjYe1N7\nVZwFKnKjuokH79A6S8TW+xvlqfH/20YTtMrrQX6fZd1gqWwWjBmAWY0fPGetiVl0\nyCt9OiBZG3P2FqerAeUB2fRfRaFXBmTUzxQc00D5WlAOZ7qh+6/qyh04Re6jq4zI\neuFQYtUBSLJxB+ZK5DuFUbYQUXodIXHRaW3t/1ydru7W/3arZrI=\n=abUf\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8597"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001593"
},
{
"db": "VULMON",
"id": "CVE-2020-8597"
},
{
"db": "PACKETSTORM",
"id": "156597"
},
{
"db": "PACKETSTORM",
"id": "156561"
},
{
"db": "PACKETSTORM",
"id": "156549"
},
{
"db": "PACKETSTORM",
"id": "156458"
},
{
"db": "PACKETSTORM",
"id": "156559"
},
{
"db": "PACKETSTORM",
"id": "156554"
},
{
"db": "PACKETSTORM",
"id": "156739"
},
{
"db": "PACKETSTORM",
"id": "168774"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-8597",
"trust": 3.3
},
{
"db": "CERT/CC",
"id": "VU#782301",
"trust": 2.4
},
{
"db": "ICS CERT",
"id": "ICSA-20-224-04",
"trust": 2.4
},
{
"db": "PACKETSTORM",
"id": "156662",
"trust": 1.6
},
{
"db": "PACKETSTORM",
"id": "156802",
"trust": 1.6
},
{
"db": "SIEMENS",
"id": "SSA-809841",
"trust": 1.6
},
{
"db": "JVN",
"id": "JVNVU99700555",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU96514651",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001593",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "156458",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "156739",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.0696",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0639",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0615",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0462",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2766",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0761",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0722",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1910",
"trust": 0.6
},
{
"db": "CXSECURITY",
"id": "WLB-2020030097",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "46090",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202002-029",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-8597",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "156597",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "156561",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "156549",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "156559",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "156554",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168774",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-8597"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001593"
},
{
"db": "PACKETSTORM",
"id": "156597"
},
{
"db": "PACKETSTORM",
"id": "156561"
},
{
"db": "PACKETSTORM",
"id": "156549"
},
{
"db": "PACKETSTORM",
"id": "156458"
},
{
"db": "PACKETSTORM",
"id": "156559"
},
{
"db": "PACKETSTORM",
"id": "156554"
},
{
"db": "PACKETSTORM",
"id": "156739"
},
{
"db": "PACKETSTORM",
"id": "168774"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-029"
},
{
"db": "NVD",
"id": "CVE-2020-8597"
}
]
},
"id": "VAR-202002-1458",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.9230769
},
"last_update_date": "2024-05-23T22:26:19.779000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "pppd: Fix bounds check in EAP code",
"trust": 0.8,
"url": "https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426"
},
{
"title": "ppp Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=111043"
},
{
"title": "Red Hat: Important: ppp security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20200630 - security advisory"
},
{
"title": "Red Hat: Important: ppp security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20200634 - security advisory"
},
{
"title": "Red Hat: Important: ppp security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20200631 - security advisory"
},
{
"title": "Red Hat: Important: ppp security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20200633 - security advisory"
},
{
"title": "Ubuntu Security Notice: ppp vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4288-1"
},
{
"title": "Ubuntu Security Notice: ppp vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4288-2"
},
{
"title": "Debian CVElist Bug Report Logs: ppp: CVE-2020-8597: Fix bounds check in EAP code",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=a22a6da34189b0f5668819364fab3eb5"
},
{
"title": "Debian Security Advisories: DSA-4632-1 ppp -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=09892726301f394d4585b87fe5ae0272"
},
{
"title": "Amazon Linux AMI: ALAS-2020-1371",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2020-1371"
},
{
"title": "Amazon Linux 2: ALAS2-2020-1400",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2020-1400"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2020-8597 log"
},
{
"title": "Point-to-Point-Protocol-Daemon-RCE-Vulnerability-CVE-2020-8597-",
"trust": 0.1,
"url": "https://github.com/dilan-diaz/point-to-point-protocol-daemon-rce-vulnerability-cve-2020-8597- "
},
{
"title": "Xiaomi Redmi Router AC2100",
"trust": 0.1,
"url": "https://github.com/juanezm/openwrt-redmi-ac2100 "
},
{
"title": "CVE-2020-8597",
"trust": 0.1,
"url": "https://github.com/marcinguy/cve-2020-8597 "
},
{
"title": "CVE-2020-8597",
"trust": 0.1,
"url": "https://github.com/winmin/cve-2020-8597 "
},
{
"title": "Xiaomi-RM2100-1.0.14-vs.-CVE-2020-8597\nadd howto:\nA quick http server for the current directory\nAnd in another window...\nStart pppoe-server in the foreground\nIn another window to trigger the exploit\nEnable uart and bootdelay, useful for testing or recovery if you have an uart adapter!\nSet kernel1 as the booting kernel\nCommit our nvram changes\nFlash the kernel\nFlash the rootfs and reboot",
"trust": 0.1,
"url": "https://github.com/syb999/pppd-cve "
},
{
"title": "Bulk Security Pull Request Generator",
"trust": 0.1,
"url": "https://github.com/jlleitschuh/bulk-security-pr-generator "
},
{
"title": "Protocol-Vulnerability\nRelated Resources\nContributors",
"trust": 0.1,
"url": "https://github.com/winmin/protocol-vul "
},
{
"title": "https://github.com/huike007/poc",
"trust": 0.1,
"url": "https://github.com/huike007/poc "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-8597"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001593"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-029"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001593"
},
{
"db": "NVD",
"id": "CVE-2020-8597"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04"
},
{
"trust": 3.0,
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html"
},
{
"trust": 2.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8597"
},
{
"trust": 2.2,
"url": "http://packetstormsecurity.com/files/156802/pppd-2.4.8-buffer-overflow.html"
},
{
"trust": 2.2,
"url": "http://packetstormsecurity.com/files/156662/pppd-2.4.8-buffer-overflow.html"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2020:0631"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2020:0630"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2020:0633"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2020:0634"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202003-19"
},
{
"trust": 1.6,
"url": "https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426"
},
{
"trust": 1.6,
"url": "https://www.synology.com/security/advisory/synology_sa_20_02"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00006.html"
},
{
"trust": 1.6,
"url": "http://seclists.org/fulldisclosure/2020/mar/6"
},
{
"trust": 1.6,
"url": "https://kb.netgear.com/000061806/security-advisory-for-unauthenticated-remote-buffer-overflow-attack-in-pppd-on-wac510-psv-2020-0136"
},
{
"trust": 1.6,
"url": "https://security.netapp.com/advisory/ntap-20200313-0004/"
},
{
"trust": 1.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf"
},
{
"trust": 1.6,
"url": "https://usn.ubuntu.com/4288-2/"
},
{
"trust": 1.6,
"url": "https://usn.ubuntu.com/4288-1/"
},
{
"trust": 1.6,
"url": "https://www.debian.org/security/2020/dsa-4632"
},
{
"trust": 1.6,
"url": "https://www.kb.cert.org/vuls/id/782301"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2020-8597"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/unjnhwoo4xf73m2w56ilzuy4jqg3jxir/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/yofdaiowswpg732asyuzninmxdhy4ape/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8597"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96514651/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99700555/"
},
{
"trust": 0.8,
"url": "https://kb.cert.org/vuls/id/782301/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/unjnhwoo4xf73m2w56ilzuy4jqg3jxir/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/yofdaiowswpg732asyuzninmxdhy4ape/"
},
{
"trust": 0.6,
"url": "https://source.android.com/security/bulletin/2020-06-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0639/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156739/gentoo-linux-security-advisory-202003-19.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0722/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0615/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0696/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0761/"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2020030097"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0462/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2766/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/46090"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/ppp-buffer-overflow-via-eap-request-31562"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1910/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156458/ubuntu-security-notice-usn-4288-1.html"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://usn.ubuntu.com/4288-1"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4288-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ppp/2.4.7-2+4.1ubuntu4.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ppp/2.4.7-2+2ubuntu1.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ppp/2.4.7-1+2ubuntu1.16.04.2"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/ppp"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001593"
},
{
"db": "PACKETSTORM",
"id": "156597"
},
{
"db": "PACKETSTORM",
"id": "156561"
},
{
"db": "PACKETSTORM",
"id": "156549"
},
{
"db": "PACKETSTORM",
"id": "156458"
},
{
"db": "PACKETSTORM",
"id": "156559"
},
{
"db": "PACKETSTORM",
"id": "156554"
},
{
"db": "PACKETSTORM",
"id": "156739"
},
{
"db": "PACKETSTORM",
"id": "168774"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-029"
},
{
"db": "NVD",
"id": "CVE-2020-8597"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-8597"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001593"
},
{
"db": "PACKETSTORM",
"id": "156597"
},
{
"db": "PACKETSTORM",
"id": "156561"
},
{
"db": "PACKETSTORM",
"id": "156549"
},
{
"db": "PACKETSTORM",
"id": "156458"
},
{
"db": "PACKETSTORM",
"id": "156559"
},
{
"db": "PACKETSTORM",
"id": "156554"
},
{
"db": "PACKETSTORM",
"id": "156739"
},
{
"db": "PACKETSTORM",
"id": "168774"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-029"
},
{
"db": "NVD",
"id": "CVE-2020-8597"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-03T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8597"
},
{
"date": "2020-02-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-001593"
},
{
"date": "2020-03-02T20:48:57",
"db": "PACKETSTORM",
"id": "156597"
},
{
"date": "2020-02-27T15:59:22",
"db": "PACKETSTORM",
"id": "156561"
},
{
"date": "2020-02-27T14:02:22",
"db": "PACKETSTORM",
"id": "156549"
},
{
"date": "2020-02-20T21:18:33",
"db": "PACKETSTORM",
"id": "156458"
},
{
"date": "2020-02-27T15:44:44",
"db": "PACKETSTORM",
"id": "156559"
},
{
"date": "2020-02-27T17:02:22",
"db": "PACKETSTORM",
"id": "156554"
},
{
"date": "2020-03-15T14:00:00",
"db": "PACKETSTORM",
"id": "156739"
},
{
"date": "2020-02-28T20:12:00",
"db": "PACKETSTORM",
"id": "168774"
},
{
"date": "2020-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-029"
},
{
"date": "2020-02-03T23:15:11.387000",
"db": "NVD",
"id": "CVE-2020-8597"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8597"
},
{
"date": "2020-08-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-001593"
},
{
"date": "2023-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-029"
},
{
"date": "2023-11-07T03:26:38.077000",
"db": "NVD",
"id": "CVE-2020-8597"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "156597"
},
{
"db": "PACKETSTORM",
"id": "156458"
},
{
"db": "PACKETSTORM",
"id": "156739"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-029"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ppp Classic buffer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001593"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-029"
}
],
"trust": 0.6
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.