Buffer Overflow Vulnerability in Point-to-Point Protocol Daemon (CVE-2020-8597)

Daisy has received a notification (CVE-2020-8597) detailing a critical vulnerability within the Point-to-Point Protocol Daemon (pppd) through versions 2.4.2 – 2.4.8.

This vulnerability may allow an attacker to send a specially crafted EAP packet to a vulnerable PPP client or server which could cause a denial-of-service condition or enable them to gain arbitrary code execution.

Daisy are assessing and patching this vulnerability for affected customers. If you require further information relating to your services please raise them through the usual support channels.

We are not aware of any active exploitation at present and there does not appear to be a working proof of concept at time of publication however it is likely one will be released in the coming weeks.

Further information relating to this vulnerability with links to vendor updates is available here https://www.kb.cert.org/vuls/id/782301/