ah oh!
Debian says the problem is fixed in many versions.
The table below lists information on source packages.
Make sure to keep all internet facing systems as up to date as possible.
this bug might be critical for all systems that are hard(er) to update, such as internet routers (AVM Fritz routers do not use ppp(d), so they are not affected):
21.02.2020 | Router security – “pppd” project
Media outlets are currently reporting on the CVE-2020-8597 vulnerability in the PPP daemon (pppd) project. AVM does not use this software project and AVM products are therefore not affected by the vulnerability. (src)
vendors should ship updates if affected
usually the workflow is like this:
- powerdown
- snapshot/backup
- powerup
- update
Source Package | Release | Version | Status
---|---|---|---
lwip (PTS) | buster | 2.0.3-3+deb10u1 | fixed
lwip (PTS) | bullseye, sid | 2.1.2+dfsg1-6 | fixed
ppp (PTS) | jessie | 2.4.6-3.1 | vulnerable
ppp (PTS) | jessie (security) | 2.4.6-3.1+deb8u1 | fixed
ppp (PTS) | stretch | 2.4.7-1+4 | vulnerable
ppp (PTS) | stretch (security) | 2.4.7-1+4+deb9u1 | fixed
ppp (PTS) | buster, buster (security) | 2.4.7-2+4.1+deb10u1 | fixed
ppp (PTS) | bullseye, sid | 2.4.7-2+4.1+deb10u1 | vulnerable
“The US-CERT team has warned of a critical vulnerability in the PPP daemon implemented in most Linux-based operating systems, as well as in the firmware of various network devices.
The problem (CVE-2020-8597) is a stack buffer overflow vulnerability that occurred due to a logical error in the EAP (Extensible Authentication Protocol) packet parser in PPPD (the eap_request() and eap_response() functions in eap.c).
The vulnerability allows you to remotely execute arbitrary code on vulnerable systems without authorization and gain full control over them.
To do this, the attacker will need to send a specially generated EAP packet to the vulnerable PPP client or server.
Since PPPD often works with increased privileges and in conjunction with kernel drivers, the above vulnerability can also potentially be used to execute malicious code with superuser rights.
The problem affects versions of PPPD from 2.4.2 to 2.4.8 – that is, all released over the past 17 years. The following Linux distributions have been confirmed to be vulnerable:
- Debian
- Ubuntu
- Fedora
- NetBSD
as well as projects:
- Cisco CallManager;
- TP-LINK products;
- OpenWRT Embedded OS;
- Synology (DiskStation Manager, VisualStation, Router Manager)
Currently, there is no information about attempts to exploit this vulnerability.
PPP is a protocol used for establishing inter-network connections via modems, DSL connections, and many other types of point-to-point connections.
The pppd daemon works in conjunction with the core PPP driver to establish and maintain a PPP connection with another system (called a partner) and negotiate IP addresses for each end of the connection.
Pppd can also authenticate the partner and/or provide the partner with authentication information.
PPP can be used with network protocols other than IP, but this use is becoming increasingly rare.” (src)
rpm/Fedora/CentOS/RedHat based systems:
```
yum info ppp
Available Packages
Name        : ppp
Arch        : x86_64
Version     : 2.4.5
Release     : 34.el7_7
Size        : 358 k
Repo        : updates/7/x86_64
Summary     : The Point-to-Point Protocol daemon
URL         : http://www.samba.org/ppp
License     : BSD and LGPLv2+ and GPLv2+ and Public Domain
Description : The ppp package contains the PPP (Point-to-Point Protocol) daemon and
            : documentation for PPP support. The PPP protocol provides a method for
            : transmitting datagrams over serial point-to-point links. PPP is
            : usually used to dial in to an ISP (Internet Service Provider) or other
            : organization over a modem and phone line.
```
apt/Debian/Ubuntu based systems:
```
hostnamectl; # tested on
  Operating System: Debian GNU/Linux 9 (stretch)
            Kernel: Linux 4.9.0-12-amd64
      Architecture: x86-64

# check what version is installed
dpkg -l|grep ppp
ii  ppp  2.4.7-1+4+deb9u1  amd64  Point-to-Point Protocol (PPP) - daemon

apt -a show ppp; # get more info about package
Package: ppp
Version: 2.4.7-1+4+deb9u1
Priority: optional
Section: admin
Maintainer: Chris Boot <bootc@debian.org>
Installed-Size: 949 kB
Depends: libpam-modules, libpam-runtime, lsb-base, procps, init-system-helpers (>= 1.18~), libc6 (>= 2.15), libpam0g (>= 0.99.7.1), libpcap0.8 (>= 0.9.8)
Breaks: network-manager (<< 0.9.8.8-7~), network-manager-pptp (<< 0.9.8.4-3~), pppdcapiplugin (<< 1:3.25+dfsg1-3.4~)
Homepage: http://ppp.samba.org/
Download-Size: 346 kB
APT-Manual-Installed: no
APT-Sources: http://security.debian.org/debian-security stretch/updates/main amd64 Packages
Description: Point-to-Point Protocol (PPP) - daemon
 The Point-to-Point Protocol provides a standard way to transmit datagrams
 over a serial link, as well as a standard way for the machines at either end
 of the link to negotiate various optional characteristics of the link.
 .
 This package is most commonly used to manage a modem for dial-up or certain
 kinds of broadband connections.

Package: ppp
Version: 2.4.7-1+4
Priority: optional
Section: admin
Maintainer: Chris Boot <bootc Ät debian.org>
Installed-Size: 949 kB
Depends: libpam-modules, libpam-runtime, lsb-base, procps, init-system-helpers (>= 1.18~), libc6 (>= 2.15), libpam0g (>= 0.99.7.1), libpcap0.8 (>= 0.9.8)
Breaks: network-manager (<< 0.9.8.8-7~), network-manager-pptp (<< 0.9.8.4-3~), pppdcapiplugin (<< 1:3.25+dfsg1-3.4~)
Homepage: http://ppp.samba.org/
Tag: hardware::modem, implemented-in::c, interface::daemon, network::server, protocol::ip, protocol::ipv6, role::program, security::authentication, use::dialing, use::login, works-with::network-traffic
Download-Size: 346 kB
APT-Sources: https://ftp.halifax.rwth-aachen.de/debian stretch/main amd64 Packages
Description: Point-to-Point Protocol (PPP) - daemon
 The Point-to-Point Protocol provides a standard way to transmit datagrams
 over a serial link, as well as a standard way for the machines at either end
 of the link to negotiate various optional characteristics of the link.
 .
 This package is most commonly used to manage a modem for dial-up or certain
 kinds of broadband connections.
```
Links:
https://en.avm.de/service/current-security-notifications/rss/
https://en.avm.de/service/security-information-about-updates/