Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

CVE-2020-8597 is it applicable for Palo alto ?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

CVE-2020-8597 is it applicable for Palo alto ?

L3 Networker

We have received a Critical Security Advisory related to Buffer Overflow Vulnerability in Point-to-Point Protocol Daemon (pppd).
 is applicable to our PaloAlto and Panorama Firewall devices.?


Risk Advisory No CVE-2020-8597
Advisory Name Buffer Overflow Vulnerability in Point-to-Point Protocol Daemon (pppd)
Severity Critical
Action Required Immediate
Summary CVE-2020-8597
CVE A new buffer overflow vulnerability has been discovered in pppd (Point to Point Protocol Daemon) versions 2.4.2 through 2.4.8. An unauthenticated remote attacker could cause memory corruption in the pppd process, which may allow for arbitrary code execution. System administrators are encouraged to update pppd software with the latest available patches in order to prevent vulnerability exploitation.
Affected Products Buffer Overflow Vulnerability in Point-to-Point Protocol Daemon (pppd) versions 2.4.2 through 2.4.8 are vulnerable
to CVE-2020-8597. This package is included in software products from different vendors. Please find below the list of confirmed affected vendors:
• Cisco
• Debian GNU/Linux
• Fedora Project
• NetBSD
• OpenWRT
• Red Hat
• Sierra Wireless
• SUSE Linux
• Synology
• TP-LINK
• Ubuntu
Recommendations It is recommended to update the pppd package with the latest available patches provided by each vendor. An authenticated attacker may still be able to exploit the vulnerability even if EAP is not enabled by sending unsolicited EAP packets to trigger
the buffer overflow. If the package has been compiled from source, the latest software can be obtained
from the pppd repository in Github:
https://github.com/paulusmack/ppp
https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f33
77fe6787575426
For those using the lwIP (lightweight IP) package compiled from source with EAP
enabled at compile time, the latest version is also available on Github:
http://git.savannah.nongnu.org/cgit/lwip.git
http://git.savannah.nongnu.org/cgit/lwip.git/commit/?
id=2ee3cbe69c6d2805e64e7cac2a1c1706e49ffd86

 

Regards,

1 REPLY 1

L7 Applicator

With the release of PAN-OS 9.0.1 Palo Alto Networks has a new Security Advisory site.  Please see https://securityadvisories.paloaltonetworks.com for details.

 

It does not appear that Palo Alto Networks devices are vulnerable to this specific advisory.

I searched that site and did not find it. 

 

I would recommend that you search that site for all CVE's or visit:

https://live.paloaltonetworks.com/t5/PSIRT-Articles/tkb-p/PSIRT_Articles

 

 

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items if a post is helpful to you!
  • 2345 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!