Linux Kernel Information Disclosure and Privilege Escalation Vulnerability Threat Alert
abril 10, 2020
Vulnerability Description
On March 31, the Linux kernel privilege escalation vulnerability demonstrated by the competitor Manfred Paul on the Pwn2Own contest was included in the CVE database and identified as CVE-2020-8835. This vulnerability exists because the bpf verifier in the Linux kernel does not properly calculate register bounds for certain operations. A local attacker could exploit this vulnerability to read confidential information (kernel memory) or gain administrative privileges. Users should take preventive measures as soon as possible.
Linux System PPPD Remote Code Execution Vulnerability (CVE-2020-8597) Threat Alert
março 27, 2020
Vulnerability Description
On March 6, the United States Computer Emergency Readiness Team (US-CERT) release a security bulletin to announce a 17-year-old remote code execution vulnerability in the PPP daemon (pppd). This vulnerability affects nearly all Linux-based operating systems and network device firmware. This vulnerability is a buffer overflow vulnerability (CVE-2020-8597), with a CVSS score of 9.8. eap.c in pppd has a rhostname buffer overflow vulnerability in the eap_request and eap_response functions. Via an Extensible Authentication Protocol (EAP) packet, an unauthenticated attacker could exploit this vulnerability to cause arbitrary code execution in an affected system. (mais…)
