17 matches found
MiracleLinux 4 : ppp-2.4.5-11.AXS4 (AXSA:2020-4482:02)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-4482:02 advisory. ppp: Buffer overflow in the eap_request and eap_response functions in eap.c CVE-2020-8597 Tenable has extracted the preceding description block directly from t...
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.
...
K73217235: pppd vulnerability CVE-2020-8597
Security Advisory Description eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. CVE-2020-8597 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has...
AlmaLinux 8 : ppp (ALSA-2020:0633)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2020:0633 advisory. - eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. CVE-2020-8597 Note that Nessus has not...
EulerOS 2.0 SP3 : ppp (EulerOS-SA-2021-1834)
According to the version of the ppp package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, o...
Arbitrary Code Execution
ppp is vulnerable to arbitrary code execution. eap.c has an rhostname buffer overflow in the eap_request and eap_response functions, allowing an attacker to execute arbitrary code on the host OS via the vulnerability...
Important: ppp
Issue Overview: eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. CVE-2020-8597 Affected Packages: ppp Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL...
UBUNTU-CVE-2020-9428
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing...
Important: Red Hat Security Advisory: ppp security update
An update for ppp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
Important: Red Hat Security Advisory: ppp security update
An update for ppp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
CVE-2020-8597
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions...
Buffer overflow
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions...
CVE-2020-8597
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions...
CVE-2020-8597
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions...
CVE-2020-8597 rhostname buffer overflow in pppd
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. Recent assessments: wvu-r7 at March 10, 2020 6:33pm UTC reported: AFAIK, it is common to enable full mitigations on the binary, with ASLR enabled on the system. While this doesn’...
CVE-2017-13015
The EAP parser in tcpdump before 4.9.2 has a buffer over-read in print-eap.c:eap_print...
CVE-2006-5601
Stack-based buffer overflow in the eap_do_notify function in eap.c in xsupplicant before 1.2.6, and possibly other versions, allows remote authenticated users to execute arbitrary code via unspecified vectors...