Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 710308 (CVE-2020-8597) - <net-dialup/ppp-2.4.8: Buffer overflow in the eap_request and eap_response functions in eap.c (CVE-2020-8597)
Summary: <net-dialup/ppp-2.4.8: Buffer overflow in the eap_request and eap_response fu...
Status: RESOLVED FIXED
Alias: CVE-2020-8597
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B1 [glsa+ cve]
Keywords: STABLEREQ
: 708192 (view as bug list)
Depends on:
Blocks:
 
Reported: 2020-02-20 16:19 UTC by GLSAMaker/CVETool Bot
Modified: 2020-04-02 07:22 UTC (History)
7 users (show)

See Also:
Package list:
net-misc/netifrc-0.7.1 net-dialup/ppp-2.4.8
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2020-02-20 16:19:55 UTC
CVE-2020-8597 (https://nvd.nist.gov/vuln/detail/CVE-2020-8597):
  eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in
  the eap_request and eap_response functions.


Upstream patch: https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426
Comment 1 Thomas Deutschmann gentoo-dev Security 2020-02-20 16:21:54 UTC
*** Bug 708192 has been marked as a duplicate of this bug. ***
Comment 2 Thomas Deutschmann gentoo-dev Security 2020-02-20 16:23:55 UTC
Note that -D_FORTIFY_SOURCE=2 should caught that.
Comment 3 Thomas Deutschmann gentoo-dev Security 2020-02-20 16:49:30 UTC
Upgrading to B1: Pre-auth, allowing code execution and pppd has setuid set allowing priv escalation.
Comment 4 Larry the Git Cow gentoo-dev 2020-02-26 15:37:14 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=481553feb5f5711c7504ee8779b378b2034692a2

commit 481553feb5f5711c7504ee8779b378b2034692a2
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-02-26 15:31:03 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-02-26 15:37:06 +0000

    net-dialup/ppp: Bump to version 2.4.8
    
    with security backport for CVE-2020-8597
    (0017-pppd-Fix-bounds-check-in-EAP-code.patch)
    
    Bug: https://bugs.gentoo.org/710308
    Closes: https://bugs.gentoo.org/704680
    Package-Manager: Portage-2.3.89, Repoman-2.3.20
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 net-dialup/ppp/Manifest         |   2 +
 net-dialup/ppp/ppp-2.4.8.ebuild | 232 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 234 insertions(+)
Comment 5 Sergey Popov gentoo-dev 2020-03-10 08:37:46 UTC
Arches, please test and mark stable

=net-misc/netifrc-0.7.1
=net-dialup/ppp-2.4.8

Target keywords: amd64 arm arm64 hppa ia64 ppc ppc64 sparc x86
Comment 6 Sergey Popov gentoo-dev 2020-03-10 08:39:28 UTC
amd64/x86 stable
Comment 7 Rolf Eike Beer archtester 2020-03-11 17:23:22 UTC
sparc stable
Comment 8 Agostino Sarubbo gentoo-dev 2020-03-12 16:22:42 UTC
arm stable
Comment 9 Agostino Sarubbo gentoo-dev 2020-03-12 16:23:54 UTC
ppc stable
Comment 10 Agostino Sarubbo gentoo-dev 2020-03-12 16:24:38 UTC
ppc64 stable
Comment 11 Sergei Trofimovich (RETIRED) gentoo-dev 2020-03-14 22:00:23 UTC
ia64 stable
Comment 12 Thomas Deutschmann gentoo-dev Security 2020-03-15 02:57:23 UTC
New GLSA request filed.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2020-03-15 03:05:56 UTC
This issue was resolved and addressed in
 GLSA 202003-19 at https://security.gentoo.org/glsa/202003-19
by GLSA coordinator Thomas Deutschmann (whissi).
Comment 14 Thomas Deutschmann gentoo-dev Security 2020-03-15 03:06:28 UTC
Re-opening for remaining architectures.
Comment 15 Rolf Eike Beer archtester 2020-03-23 21:19:16 UTC
hppa stable
Comment 16 Sam James archtester gentoo-dev Security 2020-04-01 21:05:44 UTC
arm64 stable
Comment 17 Sam James archtester gentoo-dev Security 2020-04-01 21:06:18 UTC
@maintainer(s), please cleanup
Comment 18 Larry the Git Cow gentoo-dev 2020-04-02 07:18:39 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d97a6cdaa517c0c7c2a5658100bc99ea2dc7188c

commit d97a6cdaa517c0c7c2a5658100bc99ea2dc7188c
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-04-02 07:18:30 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-04-02 07:18:30 +0000

    net-dialup/ppp: Security cleanup
    
    Bug: https://bugs.gentoo.org/710308
    Package-Manager: Portage-2.3.96, Repoman-2.3.22
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 net-dialup/ppp/Manifest            |   2 -
 net-dialup/ppp/ppp-2.4.7-r7.ebuild | 230 -------------------------------------
 2 files changed, 232 deletions(-)
Comment 19 Sam James archtester gentoo-dev Security 2020-04-02 07:22:16 UTC
Tree clean, glsa done, closing. Thanks everyone.