PPPD 2.4.8 bug

https://www.phoronix.com/scan.php?page=news_item&px=Linux-2020-PPPD-Flaw

By sending an unsolicited EAP packet to a vulnerable ppp client or server, an unauthenticated remote attacker could cause memory corruption in the pppd process, which may allow for arbitrary code execution.

https://openwrt.org/advisory/2020-02-21-1

4 Likes