Author Topic: pppd vulnerable  (Read 386 times)


Offline BU508A

  • Super Contributor
  • ***
  • Posts: 1957
  • Country: de
  • Per aspera ad astra
pppd vulnerable
« on: February 20, 2020, 03:35:01 pm »
Just as a heads-up: if you are running pppd somewhere (e.g. in the router for your internet connection), it can be hacked.

https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426

Quote from the author:
"So it affects the server and client. Both eap_request() and eap_response() are vulnerable (and have the exact same bug). Furthermore, there is no check to see if you've actually configured EAP and are using EAP prior to hitting the parser. So even if it's not configured, you're still vulnerable. Oh, and it's pre-auth."

Source (sorry, it's in German):
https://blog.fefe.de/?ts=a0b08d9a
“Chaos is found in greatest abundance wherever order is being sought. It always defeats order, because it is better organized.”            - Terry Pratchett -
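To make the quoted bug concrete, here is an added illustration of the bounds check that the linked commit corrects. It is not pppd's code: the function names, the 256-byte destination buffer and the constructed 300-byte input are assumptions chosen for the example. The point it shows is that the original check compared the value length against len plus the buffer size, a condition that can never hold once vallen < len has already been verified, so the copy into the fixed-size name buffer was effectively unbounded; the fixed check compares the remaining bytes (len - vallen) against the buffer instead.

```c
/* Added example modelled on the bounds-check fix linked above; not pppd's
 * source.  Names and sizes are simplified assumptions. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define RHOSTNAME_SIZE 256   /* assumed size of the fixed peer-name buffer */

/* Bytes the ORIGINAL check would let through.  The caller has already
 * required vallen < len, so "vallen >= len + RHOSTNAME_SIZE" is never true:
 * the trimming branch is dead and the copy length is always len - vallen,
 * which may exceed the buffer. */
static size_t old_copy_len(size_t len, size_t vallen)
{
    if (vallen >= len)
        return 0;                       /* precondition checked earlier in the parser */
    if (vallen >= len + RHOSTNAME_SIZE) /* unreachable given vallen < len */
        return RHOSTNAME_SIZE - 1;
    return len - vallen;
}

/* Bytes the FIXED check lets through: the remaining name is measured
 * against the buffer and trimmed to leave room for the terminator. */
static size_t new_copy_len(size_t len, size_t vallen)
{
    if (vallen >= len)
        return 0;
    if (len - vallen >= RHOSTNAME_SIZE)
        return RHOSTNAME_SIZE - 1;
    return len - vallen;
}

/* Audit helper: does the original check allow more bytes than fit? */
static int old_check_overflows(size_t len, size_t vallen)
{
    return old_copy_len(len, vallen) > RHOSTNAME_SIZE - 1;
}

/* Safe copy of the peer name using the fixed check; always NUL-terminates.
 * rhostname must point at RHOSTNAME_SIZE bytes.  Returns bytes copied. */
static size_t copy_peer_name(const unsigned char *inp, size_t len,
                             size_t vallen, char *rhostname)
{
    size_t n = new_copy_len(len, vallen);
    memcpy(rhostname, inp + vallen, n);
    rhostname[n] = '\0';
    return n;
}

/* Constructed input: a 16-byte value followed by a 284-byte peer name,
 * 300 bytes in total.  Returns how many name bytes the fixed path copies. */
static size_t demo_copy(void)
{
    unsigned char pkt[300];
    char rhostname[RHOSTNAME_SIZE];
    memset(pkt, 'A', sizeof pkt);
    return copy_peer_name(pkt, sizeof pkt, 16, rhostname);
}

int main(void)
{
    size_t len = 300, vallen = 16;
    printf("original check would copy %zu bytes into a %d-byte buffer (overflow: %s)\n",
           old_copy_len(len, vallen), RHOSTNAME_SIZE,
           old_check_overflows(len, vallen) ? "yes" : "no");
    printf("fixed check copies %zu bytes\n", demo_copy());
    return 0;
}
```

The two length functions take the same (len, vallen) pair the parser already has, so the same arithmetic can be used as a unit test on any similar "trim a long field into a fixed buffer" path: any input for which the old and new results differ is an input the old code would have overflowed on.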
 

Offline jstjep00

  • Newbie
  • Posts: 1
  • Country: 00
  • Mess with the best, die like the rest
Re: pppd vulnerable
« Reply #1 on: April 05, 2020, 05:32:19 pm »
Well, as far as I know this might be a blessing in disguise for a few reasons. One of the reasons is that this vulnerability, even though widespread, isn't widely applicable due to the scope of router-specific firmware. Since every router has different firmware and a specific memory allocation, it can be argued that you would need to develop a bunch of different variants of this exploit to work across the board. Maybe a few specific highly used routers will get affected on a few major ISPs. The problem with security problems in router firmware is the amount of middle men in the whole process of new firmware releases. pppd is developed by Paul Mackerras and a couple of other people (Drew Perkins, Brad Clements, Karl Fox, Greg Christy, and Brad Parker). Then these new releases need to be implemented in routers of vendors (ZTE, Huawei, Thompson, Zyxel....) and then the ISP needs to add its own configuration and stuff to that firmware so that it gets wide commercial usage. Usually I would say that the slowest ones to make this change are the ISPs themselves, so if we see this thing go through with relatively little trouble we might see ISPs getting their act together and rolling out firmware faster.
 

