pppd vulnerable

[BU508A]

Just as a heads-up: if you are having somewhere around pppd (e.g. the router for your internetconnection):
it can be hacked.

https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426

Quote from the author:
"So it affects the server and client. Both eap_request() and eap_response() are vulnerable (and have the exact same bug). Further more, there is no check to see if you’ve actually configured eap and are using eap prior to hitting the parser. So even if it’s not configured, you’re still vulnerable. Oh, and it’s pre-auth."

Source (sorry, it's in German):
https://blog.fefe.de/?ts=a0b08d9a

[jstjep00]

Well as far as I know this might be a blessing in disguise for few reasons. One of the reasons is that this vulnerability even though widespread isn't widely applicable due to scope of router specific firmware. Since every router has different firmware and specific memory allocation then it can be argued that you would need to develop a bunch of different variants of this exploit to work across the board. Maybe few specific highly used routers will get affected on few major ISPs. The problem with security problems on router firmwares is the amount of middle men in the whole process with new firmware releases. pppd is developed by Paul Mackerras and other couple of people (Drew Perkins, Brad Clements, Karl Fox, Greg Christy, and Brad Parker). Then these new releases need to be implemented in routers of vendors (ZTE, Huawei, Thompson, Zyxel....) and then ISP needs to add on their own configuration and stuff to those firmware so that they get their wide commercial usage. Usually I would say that slowest ones to do this change are the ISPs themselves so if we see this thing go through relatively little bit of problem we might see ISPs getting their act together and rolling out firmwares faster.