PPPDÔ¶³Ì´úÂëÖ´ÐÐÎó²îΣº¦Í¨¸æ

Ðû²¼Ê±¼ä 2020-03-06

Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2020-8597£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬£¬£¬£¬CVSS·ÖÖµ£º9.8


Ó°Ïì°æ±¾


pppd 2.4.2ÖÁ2.4.8 °æ±¾


Îó²î¸ÅÊö


US-CERT Ðû²¼Ç徲ͨ¸æ³Æ£¬£¬£¬£¬PPP ÊØ»¤Àú³Ì (pppd) Èí¼þÖб£´æÒ»¸öÒÑÓÐ17ÄêÖ®¾ÃµÄÔ¶³Ì´úÂëÖ´ÐÐÎó²î£¬£¬£¬£¬Ó°ÏìÏÕЩËùÓлùÓÚ Linux µÄ²Ù×÷ϵͳÒÔ¼°ÍøÂç×°±¸¹Ì¼þ¡£¡£¡£¡£¡£¡£


ÊÜÓ°ÏìµÄ pppd Èí¼þÊǵã¶ÔµãЭÒ飨PPP£¬£¬£¬£¬Ö§³Ö½ÚµãÖ®¼äµÄͨѶºÍÊý¾Ý´«Ê䣩µÄʵÏÖ£¬£¬£¬£¬Ö÷ÒªÓÃÓÚÉèÁ¢»¥ÁªÍøÁ´½ÓÈ粦ºÅµ÷Öƽâµ÷Æ÷¡¢DSL¿í´øÅþÁ¬ºÍÐéÄâרÓÃÍøÂçµÄÅþÁ¬¡£¡£¡£¡£¡£¡£


¸ÃÎó²îÓÉpppd Èí¼þµÄ¿ÉÀ©Õ¹ÈÏ֤ЭÒé (EAP) Êý¾Ý°üÆÊÎöÆ÷Öб£´æµÄÒ»¸öÂß¼­¹ýʧÒý·¢£¬£¬£¬£¬¿Éµ¼ÖÂδÈÏÖ¤¹¥»÷ÕßÔÚÊÜÓ°ÏìϵͳÉÏÔ¶³ÌÖ´ÐÐí§Òâ´úÂë²¢ÍêÈ«¿ØÖÆϵͳ¡£¡£¡£¡£¡£¡£¶ø¹¥»÷ÕßҪʵÏÖÕâһĿµÄ£¬£¬£¬£¬ÐèÒª×öµÄ²»¹ýÊÇÏòÒ×Êܹ¥»÷µÄ ppp ¿Í»§¶Ë»òЧÀÍÆ÷·¢ËÍÃûÌùýʧµÄ EAP Êý¾Ý°ü¡£¡£¡£¡£¡£¡£


ÁíÍ⣬£¬£¬£¬ÓÉÓÚ pppd ͨ³£ÒÔ¸ßȨÏÞÔËÐÐÇÒÓëÄÚºËÇý¶¯³ÌÐòÒ»ÆðÔË×÷£¬£¬£¬£¬Òò´Ë¸ÃÎó²î¿ÉÄÜʹ¹¥»÷ÕßÒÔϵͳ»ò root ȨÏÞÖ´ÐжñÒâ´úÂë¡£¡£¡£¡£¡£¡£


Ç徲ͨ¸æÖ¸³ö£¬£¬£¬£¬¡°½«ËùÌṩÊý¾Ý¸´ÖƵ½ÄÚ´æÇ°£¬£¬£¬£¬ÑéÖ¤ÊäÈë¾Þϸʱ·ºÆð¹ýʧµ¼ÖÂÎó²î±¬·¢¡£¡£¡£¡£¡£¡£ÓÉÓÚ¶ÔÊý¾Ý¾ÞϸµÄÑéÖ¤²»×¼È·£¬£¬£¬£¬Òò´Ë¿É½«í§ÒâÊý¾Ý¸´ÖƵ½ÄÚ´æÖв¢Òý·¢ÄÚ´æËð»µÎÊÌ⣬£¬£¬£¬¿ÉÄܵ¼ÖÂÖ´Ðв»ÐëÒªµÄ´úÂë¡£¡£¡£¡£¡£¡£¸ÃÎó²î±£´æÓÚ eap ÆÊÎö´úÂëÂß¼­ÖУ¬£¬£¬£¬Ïêϸ±£´æÓÚÍøÂçÊäÈë¾ä±úŲÓÃµÄ eap.c ÖÐµÄ eap_request() ºÍeap_response()º¯ÊýÖС£¡£¡£¡£¡£¡£¡±Ç徲ͨ¸æ»¹Ö¸³ö£¬£¬£¬£¬ÈôÊÇδÆôÓà EAP »òÔ¶³Ì¶ÔµÈ·½Î´Ê¹ÓÃÃÜÂëЭÉÌEAP£¬£¬£¬£¬ÔòÒÔΪ pppd ²»Ò×Êܹ¥»÷µÄ¿´·¨²»×¼È·£¬£¬£¬£¬Ôµ¹ÊÔ­ÓÉÔÚÓÚÈÏÖ¤µÄ¹¥»÷Õß¿ÉÄÜÈÔÈ»Äܹ»·¢ËÍδ¾­ÇëÇóµÄ EAP Êý¾Ý°ü´¥·¢»º³åÇøÒç³öÎó²î¡£¡£¡£¡£¡£¡£


Îó²îÑéÖ¤


ÔÝÎÞPoC/EXP¡£¡£¡£¡£¡£¡£


ÐÞ¸´½¨Òé


ppp Èí¼þÉÐδÕë¶Ô¸ÃÎó²îÐû²¼Ð嵀 Release °æ±¾£¬£¬£¬£¬ÇëÉý¼¶ ppp ÖÁ 8d7970b8f3db727fe798b65f3377fe6787575426 (git commit id)£ºhttps://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426¡£¡£¡£¡£¡£¡£

һЩÆÕ±éʹÓõÄ£¬£¬£¬£¬Ê¢ÐеÄLinux¿¯ÐаæÒѾ­±»Ö¤ÊµÊܵ½Ó°Ï죬£¬£¬£¬ÐÞ¸´ÇéÐÎÈçÏ£º



Debian£ºhttps://www.debian.org/security/2020/dsa-4632

Ubuntu£ºhttps://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8597.html

SUSE Linux£ºhttps://www.suse.com/security/cve/CVE-2020-8597/

Fedora£ºhttps://access.redhat.com/security/cve/cve-2020-8597

NetBSD£ºhttps://cvsweb.netbsd.org/bsdweb.cgi/src/external/bsd/ppp/dist/pppd/eap.c?only_with_tag=MAIN

Red Hat Enterprise Linux£ºhttps://access.redhat.com/security/cve/cve-2020-8597

Centos£ºhttps://centos.pkgs.org/7/centos-updates-x86_64/ppp-2.4.5-34.el7_7.x86_64.rpm.html


±ðµÄ£¬£¬£¬£¬Ò»Ð©Êܵ½Ó°ÏìµÄÓ¦ÓóÌÐòºÍ×°±¸ÐÞ¸´ÇéÐÎÈçÏ£º


Cisco CallManager£ºhttps://quickview.cloudapps.cisco.com/quickview/bug/CSCvs95534/

TP-LINK ²úÆ·£ºhttps://www.tp-link.com/en/support/faq/2803/

OpenWRT Embedded OS£ºhttps://openwrt.org/advisory/2020-02-21-1

Synology£¨DiskStation ÖÎÀíÆ÷¡¢VisualStation¡¢Router Manager£©£ºhttps://www.synology.cn/en-global/security/advisory/Synology_SA_20_02


²Î¿¼Á´½Ó


https://thehackernews.com/2020/03/ppp-daemon-vulnerability.html