Joined: 12 May 2004
|Posted: Sun Mar 15, 2020 6:26 am Post subject: [ glsa 202003-19 ] ppp
|Gentoo Linux Security Advisory
Title: PPP: Buffer overflow (GLSA 202003-19)
A buffer overflow in PPP might allow a remote attacker to execute
PPP is a Unix implementation of the Point-to-Point Protocol.
Vulnerable: < 2.4.8
Unaffected: >= 2.4.8
Architectures: All supported architectures
It was discovered that bounds check in PPP for the rhostname was
improperly constructed in the EAP request and response functions.
A remote attacker, by sending specially crafted authentication data,
could possibly execute arbitrary code with the privileges of the process
or cause a Denial of Service condition.
There is no known workaround at this time.
All PPP users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dialup/ppp-2.4.8"