Several Linux Systems Vulnerable To 17-Yr-Old RCE Flaw


A 17-year-old RCE flaw looks set to cause considerable alarm for Linux-based operating systems. Discovered by Ilja Van Sprundel, it is a stack buffer overflow vulnerability that arises from a logic error in the Extensible Authentication Protocol (EAP) packet parser of the daemon software.

CVE-2020-8597 has a CVSS score of 9.8, indicating its severity. The remote code execution (RCE) flaw affects the Point-to-Point Protocol daemon (pppd) software. pppd versions 2.4.2 through 2.4.8 are vulnerable to a buffer overflow due to a flaw in Extensible Authentication Protocol (EAP) packet processing in the eap_request and eap_response subroutines.


According to the report, by sending an unsolicited EAP packet to a vulnerable ppp client or server, an unauthenticated remote attacker could cause memory corruption in the pppd process, which may allow for arbitrary code execution.

This vulnerability is due to an error in validating the size of the input before copying the supplied data into memory. Because the validation of the data size is incorrect, arbitrary data can be copied into memory and cause memory corruption, possibly leading to execution of unwanted code.
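The class of bug described above, a size check that tests the wrong quantity before a copy into a fixed buffer, is shown here next to a corrected check. This is an added, constructed illustration and not pppd's source; the function names, the 256-byte buffer and the field layout (`vallen` value bytes followed by a name) are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF 256   /* assumed size of the fixed destination buffer */

/* Flawed validation: the test compares the wrong quantity, so for any
 * well-formed field (vallen <= len) the truncation branch is never taken. */
size_t copy_len_flawed(size_t len, size_t vallen)
{
    if (vallen >= len + NAME_BUF)
        return NAME_BUF - 1;
    return len - vallen;            /* sender-controlled, unbounded */
}

/* Corrected validation: bound the number of bytes actually copied. */
size_t copy_len_checked(size_t len, size_t vallen)
{
    if (len - vallen >= NAME_BUF)
        return NAME_BUF - 1;        /* truncate, leaving room for the NUL */
    return len - vallen;
}

/* Hardened parse: reject malformed lengths, then do a bounded copy.
 * Returns the number of name bytes stored, or -1 if the field is malformed. */
int parse_name(const unsigned char *field, size_t len, size_t vallen,
               char out[NAME_BUF])
{
    if (vallen > len)
        return -1;                  /* also prevents len - vallen wrapping */
    size_t n = copy_len_checked(len, vallen);
    memcpy(out, field + vallen, n);
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    unsigned char field[1000];      /* constructed oversized input */
    char name[NAME_BUF];
    memset(field, 'A', sizeof field);
    printf("flawed check would copy %zu bytes into %d\n",
           copy_len_flawed(sizeof field, 10), NAME_BUF);
    printf("hardened parse stored %d bytes\n",
           parse_name(field, sizeof field, 10, name));
    return 0;
}
```

The flawed function only reports the length it would have allowed; the copy itself is performed solely through the bounded path.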

For more details, please visit this report.