ah oh!

Debian says the problem is fixed in many versions.

The table below lists information on source packages.

Make sure to keep all internet facing systems as up to date as possible.

This bug might be critical for all systems that are hard(er) to update, such as internet routers? (AVM Fritz routers don't use ppp(d), so they are not affected.)

21.02.2020

Router security – “pppd” project

Media outlets are currently reporting on the CVE-2020-8597 vulnerability in the PPP daemon (pppd) project. AVM does not use this software project and AVM products are therefore not affected by the vulnerability. (src)

Vendors should ship updates if their products are affected.

Usually the update workflow is like this:

  • powerdown
  • snapshot/backup
  • powerup
  • update

Source Package   Release                     Version                Status
lwip (PTS)       buster                      2.0.3-3+deb10u1        fixed
                 bullseye, sid               2.1.2+dfsg1-6          fixed
ppp (PTS)        jessie                      2.4.6-3.1              vulnerable
                 jessie (security)           2.4.6-3.1+deb8u1       fixed
                 stretch                     2.4.7-1+4              vulnerable
                 stretch (security)          2.4.7-1+4+deb9u1       fixed
                 buster, buster (security)   2.4.7-2+4.1+deb10u1    fixed
                 bullseye, sid               2.4.7-2+4.1+deb10u1    vulnerable

“The problem affects versions of PPPD from 2.4.2 to 2.4.8.

The US-CERT team has warned of a critical vulnerability in the PPP daemon implemented in most Linux-based operating systems, as well as in the firmware of various network devices.

The problem (CVE-2020-8597) is a stack buffer overflow vulnerability that occurred due to a logical error in the EAP (Extensible Authentication Protocol) packet parser in PPPD (the eap_request() and eap_response() functions in eap.c).

The vulnerability allows you to remotely execute arbitrary code on vulnerable systems without authorization and gain full control over them.

To do this, the attacker will need to send a specially generated EAP packet to the vulnerable PPP client or server.

Since PPPD often works with increased privileges and in conjunction with kernel drivers, the above vulnerability can also potentially be used to execute malicious code with superuser rights.

The problem affects versions of PPPD from 2.4.2 to 2.4.8 – that is, all released over the past 17 years. The following Linux distributions have been confirmed to be vulnerable:

  • Debian
  • Ubuntu
  • SUSE Linux
  • Fedora
  • NetBSD
  • Red Hat Enterprise Linux

as well as projects:

Currently, there is no information about attempts to exploit this vulnerability.

PPP is a protocol used for establishing inter-network connections via modems, DSL connections, and many other types of point-to-point connections.

The pppd daemon works in conjunction with the core PPP driver to establish and maintain a PPP connection with another system (called a partner) and negotiate IP addresses for each end of the connection.

Pppd can also authenticate the partner and/or provide the partner with authentication information.

PPP can be used with other network protocols other than IP, but this use is becoming increasingly rare.” (src)

rpm/Fedora/Centos/RedHat based systems:

yum info ppp

Available Packages
Name        : ppp
Arch        : x86_64
Version     : 2.4.5
Release     : 34.el7_7
Size        : 358 k
Repo        : updates/7/x86_64
Summary     : The Point-to-Point Protocol daemon
URL         : http://www.samba.org/ppp
License     : BSD and LGPLv2+ and GPLv2+ and Public Domain
Description : The ppp package contains the PPP (Point-to-Point Protocol) daemon and
            : documentation for PPP support. The PPP protocol provides a method for
            : transmitting datagrams over serial point-to-point links. PPP is
            : usually used to dial in to an ISP (Internet Service Provider) or other
            : organization over a modem and phone line.

apt/Debian/Ubuntu based systems:

hostnamectl; # tested on
  Operating System: Debian GNU/Linux 9 (stretch)
            Kernel: Linux 4.9.0-12-amd64
      Architecture: x86-64

# check what version is installed
dpkg -l|grep ppp
ii  ppp                                   2.4.7-1+4+deb9u1                            amd64        Point-to-Point Protocol (PPP) - daemon

apt -a show ppp; # get more info about package
Package: ppp
Version: 2.4.7-1+4+deb9u1
Priority: optional
Section: admin
Maintainer: Chris Boot <bootc@debian.org>
Installed-Size: 949 kB
Depends: libpam-modules, libpam-runtime, lsb-base, procps, init-system-helpers (>= 1.18~), libc6 (>= 2.15), libpam0g (>= 0.99.7.1), libpcap0.8 (>= 0.9.8)
Breaks: network-manager (<< 0.9.8.8-7~), network-manager-pptp (<< 0.9.8.4-3~), pppdcapiplugin (<< 1:3.25+dfsg1-3.4~)
Homepage: http://ppp.samba.org/
Download-Size: 346 kB
APT-Manual-Installed: no
APT-Sources: http://security.debian.org/debian-security stretch/updates/main amd64 Packages
Description: Point-to-Point Protocol (PPP) - daemon
 The Point-to-Point Protocol provides a standard way to transmit
 datagrams over a serial link, as well as a standard way for the machines
 at either end of the link to negotiate various optional characteristics
 of the link.
 .
 This package is most commonly used to manage a modem for dial-up or
 certain kinds of broadband connections.

Package: ppp
Version: 2.4.7-1+4
Priority: optional
Section: admin
Maintainer: Chris Boot <bootc@debian.org>
Installed-Size: 949 kB
Depends: libpam-modules, libpam-runtime, lsb-base, procps, init-system-helpers (>= 1.18~), libc6 (>= 2.15), libpam0g (>= 0.99.7.1), libpcap0.8 (>= 0.9.8)
Breaks: network-manager (<< 0.9.8.8-7~), network-manager-pptp (<< 0.9.8.4-3~), pppdcapiplugin (<< 1:3.25+dfsg1-3.4~)
Homepage: http://ppp.samba.org/

Tag: hardware::modem, implemented-in::c, interface::daemon, network::server,
 protocol::ip, protocol::ipv6, role::program, security::authentication,
 use::dialing, use::login, works-with::network-traffic
Download-Size: 346 kB

APT-Sources: https://ftp.halifax.rwth-aachen.de/debian stretch/main amd64 Packages

Description: Point-to-Point Protocol (PPP) - daemon
 The Point-to-Point Protocol provides a standard way to transmit
 datagrams over a serial link, as well as a standard way for the machines
 at either end of the link to negotiate various optional characteristics
 of the link.
 .
 This package is most commonly used to manage a modem for dial-up or
 certain kinds of broadband connections.

Links:

https://en.avm.de/service/current-security-notifications/rss/

https://en.avm.de/service/security-information-about-updates/

admin