CVSS: 9.8EPSS: 21%CPEs: 11EXPL: 4CVE-2020-8597 – ppp: Buffer overflow in the eap_request and eap_response functions in eap.c
https://notcve.org/view.php?id=CVE-2020-8597
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. El archivo eap.c en pppd en ppp versiones 2.4.2 hasta 2.4.8, presenta un desbordamiento del búfer de rhostname en las funciones eap_request y eap_response. A buffer overflow flaw was found in the ppp package in versions 2.4.2 through 2.4.8. The bounds check for the rhostname was improperly constructed in the EAP request and response functions which could allow a buffer overflow to occur. Data confidentiality and integrity, as well as system availability, are all at risk with this vulnerability. • https://github.com/dointisme/CVE-2020-8597 https://github.com/WinMin/CVE-2020-8597 https://github.com/lakwsh/CVE-2020-8597 https://github.com/Dilan-Diaz/Point-to-Point-Protocol-Daemon-RCE-Vulnerability-CVE-2020-8597- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00006.html http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html http://seclists.org/fulldisclosure/2020/Mar/ • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-11574
https://notcve.org/view.php?id=CVE-2018-11574
Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass. This implementation is distributed as a patch for PPPD 0.91, and includes the affected eap.c and eap-tls.c files. Configurations that use the `refuse-app` option are unaffected. Una validación de entradas incorrecta junto con un desbordamiento de enteros en la implementación del protocolo EAP-TLS en PPPD podría provocar un cierre inesperado, divulgación de información o una omisión de información. Esta implementación se distribuye como parche para PPPD 0.91 e incluye los archivos eap.c y eap-tls.c afectados. • http://www.openwall.com/lists/oss-security/2018/06/11/1 https://usn.ubuntu.com/3810-1 • CWE-20: Improper Input Validation CWE-190: Integer Overflow or Wraparound •
CVSS: 4.3EPSS: 6%CPEs: 5EXPL: 0CVE-2015-3310
https://notcve.org/view.php?id=CVE-2015-3310
Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a denial of service (crash) via a start accounting message to the RADIUS server. Desbordamiento de buffer en la función rc_mksid en plugins/radius/util.c en Paul's PPP Package (ppp) 2.4.6 y anteriores, cuando el PID para pppd es mayor a 65535, permite a atacantes remotos causar una denegación de servicio (caída) a través de un mensaje de empezar la contabilidad en el servidor RADIUS. • http://advisories.mageia.org/MGASA-2015-0173.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00147.html http://www.debian.org/security/2015/dsa-3228 http://www.mandriva.com/security/advisories?name=MDVSA-2015:222 http://www.securityfocus.com/bid/74163 http://www.ubuntu.com/usn/USN-2595-1 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782450 https://security.gentoo.org/glsa/201701-50 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2014-3158
https://notcve.org/view.php?id=CVE-2014-3158
Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to "access privileged options" via a long word in an options file, which triggers a heap-based buffer overflow that "[corrupts] security-relevant variables." Desbordamiento de enteros en la función en options.c en pppd en Paul's PPP Package (ppp) anterior a 2.4.7 permite a atacantes el 'Acceso a opciones privilegiadas' a través de una palabra larga en el archivo de opciones, que provoca un desbordamiento de buffer basado en memoria dinámica que '(corrompe) las variables relevantes para la seguridad'. • http://advisories.mageia.org/MGASA-2014-0368.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136932.html http://marc.info/?l=linux-ppp&m=140764978420764 http://www.debian.org/security/2014/dsa-3079 http://www.mandriva.com/security/advisories?name=MDVSA-2015:135 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.ubuntu.com/usn/USN-2429-1 https://bugzilla.redhat.com/show_bug.cgi?id=1128748 https://github.com/paulusmack& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2006-2194
https://notcve.org/view.php?id=CVE-2006-2194
The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM authentication helper from dropping privileges. El 'plugin' (complemento) winbind en pppd para ppp (Ponit to Point Protocol) v2.4.4 y anteriores no chequea el código de respuesta de la llamada a la función setuid, lo que puede permiter a usuarios locales ganar privilegios provocando que la función setuid falle, tales como exceder los límites PAM para el máximo número de procesos de usuario, lo que evita que el componente de autenticación NTLM de winbind (winbind NTLM authentication helper) retire privilegios. • http://secunia.com/advisories/20963 http://secunia.com/advisories/20967 http://secunia.com/advisories/20987 http://secunia.com/advisories/20996 http://www.debian.org/security/2006/dsa-1106 http://www.mandriva.com/security/advisories?name=MDKSA-2006:119 http://www.osvdb.org/26994 http://www.securityfocus.com/bid/18849 http://www.ubuntu.com/usn/usn-310-1 •