[pppd] how to check the security issue CVE-2020-8597
by beziabdelkarim from LinuxQuestions.org on (#506CK)
Hello,
I need to check the following security issue on my ppp client machine (Linux):
-eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.
I'm using pppd 2.4.5.
Unfortunately, no useful details are available on forums regarding this.
The idea is to have a reproduction scenario (test, tool, commands, setup) to reproduce this problem.
If reproduced, I'll upgrade my pppd daemon to the latest version (containing the fix) and redo the same check to confirm.
Any useful information is welcome.
THANKS FOR YOUR HELP

