Description
Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass. This implementation is distributed as a patch for PPPD 0.91, and includes the affected eap.c and eap-tls.c files. Configurations that use the `refuse-app` option are unaffected.
Mitigation
PPP instances must be configured for EAP-TLS authentication to expose this vulnerability. For ppp servers, the file `/etc/ppp/eaptls-server` must exist. For clients, either `/etc/ppp/eaptls-client` must exist or command-line options `ca`, `cert` and `key` must be provided.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | ppp | Not affected | | |
| Red Hat Enterprise Linux 6 | ppp | Not affected | | |
| Red Hat Enterprise Linux 7 | ppp | Will not fix | | |
| Red Hat Enterprise Linux 8 | ppp | Not affected | | |
Additional information
Status:
7.5 High
CVSS3