Attacker Value

Very Low

CVE-2020-8597 rhostname buffer overflow in pppd

Attacker Value

Very Low

(2 users assessed)

Exploitability

Moderate

(2 users assessed)

User Interaction

CVE-2020-8597 rhostname buffer overflow in pppd

Disclosure Date: February 03, 2020 •

CVE-2020-8597 CVSS v3 Base Score: 9.8

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.

Add Assessment

wvu-r7 (437)

March 10, 2020 6:33pm UTC (4 years ago)•Edited 4 years ago

Technical Analysis

AFAIK, it is common to enable full mitigations on the binary, with ASLR enabled on the system. While this doesn’t mean much in and of itself, it could mean the vulnerability is difficult or “impossible” to exploit, depending on how the software is engineered or configured. A crash has already been proven.

busterb (317)

April 10, 2020 7:44pm UTC (4 years ago)

Ratings

Attacker Value

Very Low

Exploitability

Medium

Requires physical access

Technical Analysis

How do you get someone to autenticate with an untrusted PPPD peer these days? I just don’t think the vector for attack is easy for any attacker, and if you are in a position to sit there, like in a DSLAM, you have access to a lot of other evil possibilities.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

9.8 Critical

Impact Score:

5.9

Exploitability Score:

3.9

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

References

Rapid7

Very Low