A vulnerability was found in pppd+EAP-TLS. A malicious client could cause a pppd server instance to crash.
Created ppp tracking bugs for this issue:
Affects: fedora-all [bug 1590087]
This flaw does not affect vanilla ppp, only versions patched and compiled with the EAPTLS patch. It can be triggered in both client and server.
Examining the entry points to eap-tls.c, it seems that EAPTLS negotiation will be aborted if get_eaptls_secret() fails. This will occur if the ppp instance is running without being configured for EAPTLS (see README.eap-tls).
PPP instances must be configured for EAP-TLS authentication to expose this vulnerability. For ppp servers, the file `/etc/ppp/eaptls-server' must exist. For clients, either `/etc/ppp/eaptls-client` must exist or command-line options `ca`, `cert` and `key` must be provided.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):