
RCE in pppd and ppp client
Closed, Resolved (Public)



Sorry for the link in German:

It seems that there is an RCE in server and client code:

"So it affects the server and client. Both eap_request() and eap_response() are vulnerable (and have the exact same bug). Furthermore, there is no check to see if you’ve actually configured eap and are using eap prior to hitting the parser. So even if it’s not configured, you’re still vulnerable. Oh, and it’s pre-auth."

There is no ppp release with this fix. It is only in current git. I also have not seen any CVE.


Difficulty level
Unknown (require assessment)
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)