TencentOS Server 4: ppp (TSSA-2025:0398)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0398 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

EUVD-2004-0165

Malware in sbrugna...

EUVD-2007-0749

Malware in sbrugna...

DEBIAN-CVE-2024-58250

The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges...

AZL-61768 CVE-2024-58250 affecting package ppp 2.5.0-1

The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges...

AZL-60894 CVE-2024-58250 affecting package ppp 2.4.7-36

The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges...

eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.

...

SUSE CVE-2014-3158

Integer overflow in the getword function in options.c in pppd in Paul's PPP Package ppp before 2.4.7 allows attackers to "access privileged options" via a long word in an options file, which triggers a heap-based buffer overflow that "corrupts security-relevant variables."...

SUSE CVE-2018-11574

Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass. This implementation is distributed as a patch for PPPD 0.91, and includes the affected eap.c and eap-tls.c files...

SUSE CVE-2020-8597

eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eaprequest and eapresponse functions...

CVE-2020-15704

A flaw in the Linux ppp daemon functionality was found in the way possibility of unexpected loading pppgeneric module during ppp daemon startup...

[SECURITY] Fedora 31 Update: ppp-2.4.7-34.fc31

The ppp package contains the PPP Point-to-Point Protocol daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an ISP Internet Service Provider or other organization over a modem...

Critical PPP Daemon Flaw Opens Most Linux Systems to Remote Hackers

The US-CERT today issued advisory warning users of a new dangerous 17-year-old remote code execution vulnerability affecting the PPP daemon pppd software that comes installed on almost all Linux based operating systems, as well as powers the firmware of many other networking devices. The affected...

ALPINE-CVE-2020-8597

eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eaprequest and eapresponse functions...

CVE-2020-8597

eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eaprequest and eapresponse functions...

PT-2018-10677

Name of the Vulnerable Software and Affected Versions PPPD versions prior to the version with the fixed patch Description The issue arises from improper input validation combined with an integer overflow in the EAP-TLS protocol implementation. This can lead to a crash, information disclosure, or...

Debian DLA-205-1 : ppp security update

Emanuele Rocca discovered that ppp, a daemon implementing the Point-to-Point Protocol, was subject to a buffer overflow when communicating with a RADIUS server. This would allow unauthenticated users to cause a denial of service by crashing the daemon. NOTE: Tenable Network Security has extracted...

DEBIAN-CVE-2014-3158

Integer overflow in the getword function in options.c in pppd in Paul's PPP Package ppp before 2.4.7 allows attackers to "access privileged options" via a long word in an options file, which triggers a heap-based buffer overflow that "corrupts security-relevant variables."...

UBUNTU-CVE-2014-3158

Integer overflow in the getword function in options.c in pppd in Paul's PPP Package ppp before 2.4.7 allows attackers to "access privileged options" via a long word in an options file, which triggers a heap-based buffer overflow that "corrupts security-relevant variables."...

CVE-2007-0752

The PPP daemon pppd in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privileges by bypassing this check...