Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass. This implementation is distributed as a patch for PPPD 0.91, and includes the affected eap.c and eap-tls.c files. Configurations that use the refuse-app
option are unaffected.
PPP instances must be configured for EAP-TLS authentication to expose this vulnerability. For ppp servers, the file /etc/ppp/eaptls-server' must exist. For clients, either
/etc/ppp/eaptls-clientmust exist or command-line options
ca,
certand
key` must be provided.