Bug 1800727 (CVE-2020-8597)
| Summary: | CVE-2020-8597 ppp: Buffer overflow in the eap_request and eap_response functions in eap.c |
|---|---|
| Product: | [Other] Security Response |
| Reporter: | Pedro Sampaio <psampaio> |
| Component: | vulnerability |
| Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA |
| QA Contact: | |
| Severity: | high |
| Docs Contact: | |
| Priority: | high |
| Version: | unspecified |
| CC: | dmoppert, huzaifas, jaskalnik, jskarvad, jsynacek, msekleta, than, thozza, yozone |
| Target Milestone: | --- |
| Keywords: | Security |
| Target Release: | --- |
| Hardware: | All |
| OS: | Linux |
| Whiteboard: | |
| Fixed In Version: | |
| Doc Type: | If docs needed, set a value |
| Doc Text: | A buffer overflow flaw was found in the ppp package in versions 2.4.2 through 2.4.8. The bounds check for the rhostname was improperly constructed in the EAP request and response functions which could allow a buffer overflow to occur. Data confidentiality and integrity, as well as system availability, are all at risk with this vulnerability. |
| Story Points: | --- |
| Clone Of: | |
| Environment: | |
| Last Closed: | 2020-02-27 15:49:55 UTC |
| Type: | --- |
| Regression: | --- |
| Mount Type: | --- |
| Documentation: | --- |
| CRM: | |
| Verified Versions: | |
| Category: | --- |
| oVirt Team: | --- |
| RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- |
| Target Upstream Version: | |
| Embargoed: | |
| Bug Depends On: | 1800734, 1806412, 1806413, 1806414, 1806415, 1806416, 1806417, 1825905 |
| Bug Blocks: | 1800732 |
Description
Pedro Sampaio
2020-02-07 20:03:57 UTC
Created ppp tracking bugs for this issue:

Affects: fedora-all [bug 1800734]

Statement:

The ppp packages distributed with Red Hat Enterprise Linux versions are compiled using gcc's stack-protector feature. The "Stack Smashing Protection" may help mitigate code execution attacks for this flaw and limit its impact to crash only.

What's the impact to set in the errata field?

(In reply to Jaroslav Škarvada from comment #8)
> What's the impact to set in the errata field?

I got the information from one of the cloned bugzillas: Important.

This issue has been addressed in the following products:

Red Hat Enterprise Linux 7

Via RHSA-2020:0630 https://access.redhat.com/errata/RHSA-2020:0630

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:0634 https://access.redhat.com/errata/RHSA-2020:0634

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8

Via RHSA-2020:0633 https://access.redhat.com/errata/RHSA-2020:0633

This issue has been addressed in the following products:

Red Hat Enterprise Linux 6

Via RHSA-2020:0631 https://access.redhat.com/errata/RHSA-2020:0631

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-8597

Mitigation:

Red Hat is working on providing updated packages which patch this flaw. This flaw can only be mitigated by updating to these package versions. The "Stack Smashing Protection" may help mitigate code execution attacks for this flaw and limit its impact to crash only.