Asking about this:
pppd vulnerable to buffer overflow due to a flaw in EAP packet processing
Hi Michael,
Thanks for bringing this to our attention, this will be patched in the upcoming 8.1.0 firmware.
Just for reference, this exploit calls for system or root-level access to our firmware and this is next to impossible.
We have certified multiple products with the only Band 14 public safety network here in the US and they had to ask us for an unencrypted version of our software just so they could see what libraries we are running. Even they could not break into it.
The threat to the general public is basically non existent.
Thanks
1 Like
OK, thanks.
2 Likes
I wish you wouldn’t say things like “The threat … is basically non existent”. If you’re vulnerable, you should patch and tell your users to apply the update instead of saying things like that. This concerns a pre-auth remote stacksmash in pppd, which carries a risk that is higher than “basically non existent”.