RCE in pppd and ppp client
Open, Requires assessment, Public

Description

Hi,

Sorry for the link in German:

https://blog.fefe.de/?ts=a0b08d9a

It seems that there is an RCE in server and client code:

https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426

"So it affects the server and client. Both eap_request() and eap_response() are vulnerable (and have the exact same bug). Furthermore, there is no check to see if you’ve actually configured eap and are using eap prior to hitting the parser. So even if it’s not configured, you’re still vulnerable. Oh, and it’s pre-auth."

There is no ppp release with this fix. It is only in current git. I also have not seen any CVE.

Details

Difficulty level: Unknown (require assessment)
Version: 1.2.4
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Unspecified (possibly destroys the router)

Event Timeline

rherold created this task. Feb 20 2020, 6:18 PM
rherold created this object in space S1 VyOS Public.
pasik added a subscriber: pasik. Feb 20 2020, 9:24 PM
rherold renamed this task from Possible RCE in pppd and ppp client to RCE in pppd and ppp client. Feb 21 2020, 8:24 AM