
Several Linux Systems Can Be Hacked Via This 17-Yr-Old RCE Flaw

by Cyber360 News
March 6, 2020
in Security

Several Linux-based operating systems are affected by a 17-year-old remote code execution (RCE) flaw in the Point-to-Point Protocol daemon (pppd). pppd not only comes pre-installed on most Linux systems but also powers the firmware of popular networking devices.

The Point-to-Point Protocol daemon manages network connections between two nodes. It is mostly used for DSL broadband connections that run PPPoE or PPPoA, and for VPNs.

The RCE flaw was discovered by Ilja Van Sprundel, an IOActive security researcher. The critical flaw is a stack buffer overflow caused by a logic error in the daemon's Extensible Authentication Protocol (EAP) packet parser.

According to an advisory issued by US-CERT, the vulnerability is tracked as CVE-2020-8597 and has a CVSS score of 9.8, reflecting its severity.

An attacker can exploit the flaw to execute arbitrary code remotely on an affected system and take full control of it. The flaw is triggered by sending a malformed EAP packet to the target pppd client or server.

What makes the vulnerability so severe is that the Point-to-Point Protocol daemon often runs with high privileges. If an attacker takes control of a server by exploiting the flaw, they could gain root-level privileges.


Affected Linux Operating Systems & Devices

According to Mr. Sprundel, the flaw is present in pppd versions 2.4.2 through 2.4.8, that is, every version released in the last 17 years. He has confirmed that the following Linux distributions are affected by the pppd flaw:

  • Ubuntu
  • Debian
  • Fedora
  • SUSE Linux
  • Red Hat Enterprise Linux
  • NetBSD

Additionally, the following devices also ship the affected versions of pppd and are vulnerable to attack:

  • TP-LINK products
  • Synology products
  • Cisco CallManager
  • OpenWRT Embedded OS

We advise our readers to update their systems as soon as a patch is available to protect against a potential attack.
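To help triage which hosts need that update, the following shell functions flag a pppd version string that falls inside the affected range given above (2.4.2 through 2.4.8). This is an added example, not code from the advisory or the pppd project; the function names and the sample strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag pppd versions inside the affected upstream range
# stated in the article (2.4.2 through 2.4.8). A hit is not proof of
# exposure: vendors may ship a fixed package under the same upstream
# version, so confirm against the vendor's CVE-2020-8597 advisory.

# Print the upstream x.y.z part of a version string, e.g.
# "pppd version 2.4.7" or "2.4.7-1" -> "2.4.7". Prints nothing if absent.
pppd_upstream_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*$/\1/p'
}

# Return 0 if the version is in the affected range, 1 if it is outside,
# 2 if no x.y.z version could be parsed from the input.
pppd_version_affected() {
    v=$(pppd_upstream_version "$1")
    [ -n "$v" ] || return 2
    # Split major.minor.patch on the dots.
    old_ifs=$IFS; IFS=.
    set -- $v
    IFS=$old_ifs
    # Encode as one integer so the range test is a plain comparison.
    n=$(( $1 * 1000000 + $2 * 1000 + $3 ))
    [ "$n" -ge 2004002 ] && [ "$n" -le 2004008 ]
}

# Constructed sample strings (not taken from real hosts).
for sample in "pppd version 2.4.7" "2.4.8-1" "2.4.1" "2.4.9" "n/a"; do
    if pppd_version_affected "$sample"; then
        echo "$sample: in affected range, confirm the vendor fix for CVE-2020-8597"
    else
        case $? in
            1) echo "$sample: outside affected range" ;;
            *) echo "$sample: version not recognised" ;;
        esac
    fi
done
```

On a real host, pass in the version reported by the package manager or by the daemon itself instead of the constructed samples.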
