Several Linux-based operating systems have been affected by a 17-year old remote code execution (RCE) flaw which affects Point-to-Point Protocol daemon (pppd) software. Pppd software not only comes pre-installed in most of the Linux systems but also powers the firmware of popular networking devices.
Point-to-point protocol daemon is used to manage network connections between two nodes, mostly broadband connections when PPPoE or PPPoA protocols are used over DSL broadband connections or VPNs.
The RCE flaw has been discovered by Ija Van Sprundel, an IOActive security researcher. The critical flaw is a stack buffer overflow vulnerability that arises due to a logical error in the Extensible Authentication Protocol (EAP) packet parser of the daemon software.
According to an advisory issued by US-CERT, the vulnerability has been tagged as CVE-2020-8597 and has the CVSS score of 9.8 indicating the severity.
A hacker can exploit the flaw and execute arbitrary code on an affected system remotely thus taking over the full control of the system. The flaw can be exploited by sending a crooked EAP packer to the target pppd client or server.
What makes the vulnerability highly severe is the fact that point-to-point protocol daemon often has high privileges. Thus, if a hacker takes control over a server by exploiting the flaw, he could gain access to root-level privileges.
Also Read: Cloud Snooper: Hackers Using Linux Kernel Driver To Attack Cloud Server
Affected Linux Operating Systems & Devices
As per Mr. Sprundel, the flaw persists through pppd versions 2.4.2 through 2.4.8 or all the versions released in the last 17 years. He has confirmed that the following Linux distributions have been affected by the pppd flaw:
- Ubuntu
- Debian
- Fedora
- SUSE Linux
- Red Hat Enterprise Linux
- NetBSD
Additionally, the following devices also ship the affected versions of pppd and are vulnerable to attack:
- TP-LINK products
- Synology products
- Cisco CallManager
- OpenWRT Embedded OS
We advise our readers to update their systems as soon as the patch is available to evade a potential attack.
