CVE-2020-8597: 
Rocky Linux vulnerability analysis and mitigation

CVE-2020-8597 is a buffer overflow vulnerability discovered in pppd (Point-to-Point Protocol Daemon) versions 2.4.2 through 2.4.8. The vulnerability exists in the eap_request and eap_response functions in eap.c, where a flaw in the bounds check for the rhostname was improperly constructed (CERT VU, MITRE CVE).

The vulnerability stems from a logic flaw in the EAP packet processing code. When processing EAP packets of type EAPT_MD5CHAP(4), the code verifies that an embedded length field is smaller than the whole packet length. However, the bounds check is incorrect, allowing arbitrary data to be copied into a local stack buffer. Additionally, the eap_input() function does not verify if EAP has been negotiated during the Link Control Protocol (LCP) phase, allowing an attacker to send an EAP packet even if ppp refused the authentication negotiation (CERT VU).

Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to cause a buffer overflow, potentially leading to arbitrary code execution with system or root privileges. The pppd daemon often runs with elevated privileges and works with kernel drivers, making this vulnerability particularly severe (CERT VU).

The primary mitigation is to update to a patched version of pppd. The fix was committed to the ppp repository with commit 8d7970b. For systems that cannot be immediately updated, some vendors note that their builds include stack protection features that may help mitigate the impact. Red Hat packages, for example, are compiled with gcc's stack-protector feature which may limit the impact to a crash only (Red Hat, GitHub Patch).