Debian Local Security Checks : Debian: Security Advisory for ppp (DSA-4632-1)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.704632

Categoría: Debian Local Security Checks

Título: Debian: Security Advisory for ppp (DSA-4632-1)

Resumen: The remote host is missing an update for the 'ppp'; package(s) announced via the DSA-4632-1 advisory.

Descripción: Summary:
The remote host is missing an update for the 'ppp'
package(s) announced via the DSA-4632-1 advisory.

Vulnerability Insight:
Ilja Van Sprundel reported a logic flaw in the Extensible Authentication
Protocol (EAP) packet parser in the Point-to-Point Protocol Daemon
(pppd). An unauthenticated attacker can take advantage of this flaw to
trigger a stack-based buffer overflow, leading to denial of service
(pppd daemon crash).

Affected Software/OS:
'ppp' package(s) on Debian Linux.

Solution:
For the oldstable distribution (stretch), this problem has been fixed
in version 2.4.7-1+4+deb9u1.

For the stable distribution (buster), this problem has been fixed in
version 2.4.7-2+4.1+deb10u1.

We recommend that you upgrade your ppp packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2020-8597
CERT/CC vulnerability note: VU#782301
https://www.kb.cert.org/vuls/id/782301
Debian Security Information: DSA-4632 (Google Search)
https://www.debian.org/security/2020/dsa-4632
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOFDAIOWSWPG732ASYUZNINMXDHY4APE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UNJNHWOO4XF73M2W56ILZUY4JQG3JXIR/
http://seclists.org/fulldisclosure/2020/Mar/6
https://security.gentoo.org/glsa/202003-19
http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html
http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html
https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf
https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426
https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04
https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html
RedHat Security Advisories: RHSA-2020:0630
https://access.redhat.com/errata/RHSA-2020:0630
RedHat Security Advisories: RHSA-2020:0631
https://access.redhat.com/errata/RHSA-2020:0631
RedHat Security Advisories: RHSA-2020:0633
https://access.redhat.com/errata/RHSA-2020:0633
RedHat Security Advisories: RHSA-2020:0634
https://access.redhat.com/errata/RHSA-2020:0634
SuSE Security Announcement: openSUSE-SU-2020:0286 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00006.html
https://usn.ubuntu.com/4288-1/
https://usn.ubuntu.com/4288-2/

Copyright Copyright (C) 2020 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.704632
Categoría:	Debian Local Security Checks
Título:	Debian: Security Advisory for ppp (DSA-4632-1)
Resumen:	The remote host is missing an update for the 'ppp'; package(s) announced via the DSA-4632-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'ppp' package(s) announced via the DSA-4632-1 advisory. Vulnerability Insight: Ilja Van Sprundel reported a logic flaw in the Extensible Authentication Protocol (EAP) packet parser in the Point-to-Point Protocol Daemon (pppd). An unauthenticated attacker can take advantage of this flaw to trigger a stack-based buffer overflow, leading to denial of service (pppd daemon crash). Affected Software/OS: 'ppp' package(s) on Debian Linux. Solution: For the oldstable distribution (stretch), this problem has been fixed in version 2.4.7-1+4+deb9u1. For the stable distribution (buster), this problem has been fixed in version 2.4.7-2+4.1+deb10u1. We recommend that you upgrade your ppp packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2020-8597 CERT/CC vulnerability note: VU#782301 https://www.kb.cert.org/vuls/id/782301 Debian Security Information: DSA-4632 (Google Search) https://www.debian.org/security/2020/dsa-4632 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOFDAIOWSWPG732ASYUZNINMXDHY4APE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UNJNHWOO4XF73M2W56ILZUY4JQG3JXIR/ http://seclists.org/fulldisclosure/2020/Mar/6 https://security.gentoo.org/glsa/202003-19 http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426 https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04 https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html RedHat Security Advisories: RHSA-2020:0630 https://access.redhat.com/errata/RHSA-2020:0630 RedHat Security Advisories: RHSA-2020:0631 https://access.redhat.com/errata/RHSA-2020:0631 RedHat Security Advisories: RHSA-2020:0633 https://access.redhat.com/errata/RHSA-2020:0633 RedHat Security Advisories: RHSA-2020:0634 https://access.redhat.com/errata/RHSA-2020:0634 SuSE Security Announcement: openSUSE-SU-2020:0286 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00006.html https://usn.ubuntu.com/4288-1/ https://usn.ubuntu.com/4288-2/
Copyright	Copyright (C) 2020 Greenbone Networks GmbH