CVE-2020-8597 (https://nvd.nist.gov/vuln/detail/CVE-2020-8597): eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. Upstream patch: https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426
*** Bug 708192 has been marked as a duplicate of this bug. ***
Note that -D_FORTIFY_SOURCE=2 should have caught that.
Upgrading to B1: Pre-auth, allowing code execution and pppd has setuid set allowing priv escalation.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=481553feb5f5711c7504ee8779b378b2034692a2
commit 481553feb5f5711c7504ee8779b378b2034692a2
Author: Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-02-26 15:31:03 +0000
Commit: Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-02-26 15:37:06 +0000
    net-dialup/ppp: Bump to version 2.4.8 with security backport for CVE-2020-8597 (0017-pppd-Fix-bounds-check-in-EAP-code.patch)
    Bug: https://bugs.gentoo.org/710308
    Closes: https://bugs.gentoo.org/704680
    Package-Manager: Portage-2.3.89, Repoman-2.3.20
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
 net-dialup/ppp/Manifest | 2 +
 net-dialup/ppp/ppp-2.4.8.ebuild | 232 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 234 insertions(+)
Arches, please test and mark stable
=net-misc/netifrc-0.7.1
=net-dialup/ppp-2.4.8
Target keywords: amd64 arm arm64 hppa ia64 ppc ppc64 sparc x86
amd64/x86 stable
sparc stable
arm stable
ppc stable
ppc64 stable
ia64 stable
New GLSA request filed.
This issue was resolved and addressed in GLSA 202003-19 at https://security.gentoo.org/glsa/202003-19 by GLSA coordinator Thomas Deutschmann (whissi).
Re-opening for remaining architectures.
hppa stable
arm64 stable
@maintainer(s), please clean up
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d97a6cdaa517c0c7c2a5658100bc99ea2dc7188c
commit d97a6cdaa517c0c7c2a5658100bc99ea2dc7188c
Author: Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-04-02 07:18:30 +0000
Commit: Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-04-02 07:18:30 +0000
    net-dialup/ppp: Security cleanup
    Bug: https://bugs.gentoo.org/710308
    Package-Manager: Portage-2.3.96, Repoman-2.3.22
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
 net-dialup/ppp/Manifest | 2 -
 net-dialup/ppp/ppp-2.4.7-r7.ebuild | 230 -------------------------------------
 2 files changed, 232 deletions(-)
Tree clean, glsa done, closing. Thanks everyone.