Bug 833455 (CVE-2021-42870, CVE-2022-0982, CVE-2022-24704, CVE-2022-24705) - net-dialup/accel-ppp: multiple vulnerabilities
Summary: net-dialup/accel-ppp: multiple vulnerabilities
Status: CONFIRMED
Alias: CVE-2021-42870, CVE-2022-0982, CVE-2022-24704, CVE-2022-24705
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: https://github.com/accel-ppp/accel-pp...
Whiteboard: ~2 [ebuild/upstream]
Keywords:
Depends on:
Blocks:
 
Reported: 2022-02-16 03:33 UTC by John Helmert III
Modified: 2022-05-16 16:43 UTC

See Also:
Package list:
Runtime testing required: ---


Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-02-16 03:33:51 UTC
CVE-2022-24704:

The rad_packet_recv function in opt/src/accel-pppd/radius/packet.c suffers from a buffer overflow vulnerability, whereby user input len is copied into a fixed buffer &attr->val.integer without any bound checks. If the client connects to the server and sends a large radius packet, a buffer overflow vulnerability will be triggered.

CVE-2022-24705:

The rad_packet_recv function in radius/packet.c suffers from a memcpy buffer overflow, resulting in an overly-large recvfrom into a fixed buffer that causes a buffer overflow and overwrites arbitrary memory. If the server connects with a malicious client, crafted client requests can remotely trigger this vulnerability.

Patch is merged but not yet in any release. Might just be worth snapshotting again.
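
Added example (not part of the original report, and not accel-ppp's code or the upstream patch): the bug class described for CVE-2022-24704, a length taken from the packet and used as the copy size into a fixed 4-byte integer, is closed by checking every length against the bytes received and against the destination size before copying. The name `rad_get_integer`, the sample packets, and the use of NAS-Port (type 5, RFC 2865) as the integer attribute are assumptions for illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RAD_HDR_LEN 20   /* code, id, 2-byte length, 16-byte authenticator */
#define RAD_MAX_LEN 4096 /* RFC 2865 maximum packet length */

/* Constructed samples: NAS-Port (type 5) with a 4-byte and an 8-byte value. */
static const uint8_t good_pkt[26] = {1, 1, 0, 26, [20] = 5, 6, 0, 0, 0, 7};
static const uint8_t long_attr_pkt[30] = {1, 1, 0, 30, [20] = 5, 10, 1, 2, 3, 4, 5, 6, 7, 8};

/* Hypothetical helper: returns the integer attribute's value, or -1 if the
 * packet is malformed or the attribute is absent. */
int64_t rad_get_integer(const uint8_t *pkt, size_t received, uint8_t want_type)
{
    if (received < RAD_HDR_LEN || received > RAD_MAX_LEN)
        return -1;
    /* The declared length is untrusted: it must fit what was received. */
    size_t declared = ((size_t)pkt[2] << 8) | pkt[3];
    if (declared < RAD_HDR_LEN || declared > received)
        return -1;
    const uint8_t *p = pkt + RAD_HDR_LEN;
    size_t left = declared - RAD_HDR_LEN;
    while (left > 0) {
        /* Each attribute is type(1) + length(1) + value; length covers all three. */
        if (left < 2 || p[1] < 2 || p[1] > left)
            return -1;
        if (p[0] == want_type) {
            uint32_t be;
            /* Copy size comes from the destination, and the wire length must match it. */
            if ((size_t)p[1] - 2 != sizeof(be))
                return -1;
            memcpy(&be, p + 2, sizeof(be));
            return (int64_t)ntohl(be);
        }
        left -= p[1];
        p += p[1];
    }
    return -1;
}

int main(void)
{
    printf("good: %lld\n", (long long)rad_get_integer(good_pkt, sizeof(good_pkt), 5));
    printf("8-byte value: %lld\n", (long long)rad_get_integer(long_attr_pkt, sizeof(long_attr_pkt), 5));
    printf("truncated: %lld\n", (long long)rad_get_integer(good_pkt, 22, 5));
    return 0;
}
```
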
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-19 02:19:28 UTC
CVE-2022-0982 (https://github.com/xebd/accel-ppp/issues/164):

The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suffers from a memory corruption vulnerability, whereby user input cmdline_len is copied into a fixed buffer b->buf without any bound checks. If the server connects with a malicious client, crafted client requests can remotely trigger this vulnerability.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-16 16:43:55 UTC
CVE-2021-42870 (https://github.com/xebd/accel-ppp/issues/158):

ACCEL-PPP 1.12.0 has an out-of-bounds read in post_msg when processing a call_clear_request.