Ija Van Sprundel, an IOActive security researcher found a 17-Year-Old bug in Linux based Operating System that Could Lead To Remote Code Execution.
As stated by US-CERT Coordination Center, a flaw in Extensible Authentication Protocol (EAP) packet which processes in eap_request and eap_response subroutines is vulnerable to buffer overflow. The bug is found in PPPD(Point to Point Protocol Daemon) versions 2.4.2 to 2.4.8.
Sending Unwanted EAP Packet
As per the definition of US-Cert, PPP is the protocol used in establishing Internet links over dial-up-modems, DSL connections. The protocol is also used in point to point links such as Virtual Private Network(VPN) and Point to Point Tunneling Protocol (PPTP).
Besides this, the PPPD is used in authenticating a network-connected peer or in supplying authenticated information to the peer with the help of multiple authentication protocols that include EAP.
An error invalidating the size of the input before copying the supplied data into memory causes this vulnerability, the center stated. The PPPD bug gives unwanted access to the remote attacker to execute arbitrary code on the target system. The copied arbitrary code causes memory corruption which leads to unwanted code execution.
Some of the popular distros are affected by this bug. Ubuntu, Debian, Fedora, SUSE Linux, Red Hat Enterprise Linux are the most popular Linux-based operating systems affected by the flaw as per Ija Van Sprundel, an IOActive security researcher’s statement.
The only solution to prevent this vulnerability affecting you is to update software with the latest available patches.
Interested in Linux News’ daily update? Subscribe our newsletter for daily updates.