A 17-year-old remote code execution (RCE) vulnerability in the Point-to-Point Protocol daemon (pppd) software affects several Linux-based operating systems. The pppd software is not only pre-installed on most Linux systems, but also powers the firmware of popular network devices.
The RCE vulnerability was discovered by IOActive security researcher Ilja van Sprundel. It is a critical stack buffer overflow caused by a logic error in the Extensible Authentication Protocol (EAP) packet parser of the daemon software.
According to an advisory issued by US-CERT, the vulnerability is tracked as CVE-2020-8597. In terms of severity, it has a CVSS score of 9.8.
An attacker can exploit the vulnerability by sending a malformed EAP packet to a target ppp client or server. By using it to remotely execute arbitrary code on the affected system, the attacker can take full control of that system.
Compounding the severity, the Point-to-Point Protocol daemon often runs with high privileges. As a result, an attacker who takes control of the server through the vulnerability can gain root-level access.
According to van Sprundel, the vulnerability is present in pppd versions 2.4.2 through 2.4.8, that is, in all versions released over the past 17 years. He has confirmed that the following Linux distributions are affected by the ppp vulnerability:
Red Hat Enterprise Linux
In addition, the following devices ship with an affected version of pppd and are vulnerable to attack:
OpenWRT Embedded OS
Users are advised to update their systems as soon as possible after the patch is released to avoid potential attacks.
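To triage hosts against the affected range given above (pppd 2.4.2 through 2.4.8), the following added example (not part of the original article) classifies a version string. It assumes the string comes from `pppd --version` or from the package manager, and the script name `check_pppd.sh` is hypothetical. Distributions may backport a fix without changing the upstream version number, so a match means the vendor advisory should be checked, not that the host is confirmed vulnerable.

```shell
#!/bin/sh
# Added example: classify a pppd version string against the affected range
# stated in the article (2.4.2 through 2.4.8). Constructed sample inputs:
#   "pppd version 2.4.7"   (assumed output format of `pppd --version`)
#   "ppp-2.4.8-1"          (constructed package-style version string)

# Extract the first x.y.z upstream version found in arbitrary text.
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Turn x.y.z into a single comparable integer.
version_key() {
    printf '%s\n' "$1" |
        awk -F. '{ printf "%d\n", $1 * 1000000 + $2 * 1000 + $3 }'
}

# Print one of: in-affected-range, outside-affected-range, unknown.
classify_pppd_version() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        # No parsable version: treat as unknown rather than as safe.
        echo unknown
        return 0
    fi
    k=$(version_key "$v")
    if [ "$k" -ge "$(version_key 2.4.2)" ] && [ "$k" -le "$(version_key 2.4.8)" ]; then
        echo in-affected-range
    else
        echo outside-affected-range
    fi
}

# Usage (assumption: pppd prints its version on stderr):
#   sh check_pppd.sh "$(pppd --version 2>&1)"
if [ "$#" -gt 0 ]; then
    classify_pppd_version "$1"
fi
```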