The days of Linux advocates being able to claim that Linux “is more secure & safer” than Microsoft Windows 10 are over. I will be adding this post to the ‘Linux Security Issues’ page.
This PPP vulnerability affects ‘internet links over dial-up modems, DSL connections, and many other types of point-to-point links including Virtual Private Networks (VPN) such as Point to Point Tunneling Protocol (PPTP). The pppd software can also authenticate a network connected peer and/or supply authentication information to the peer using multiple authentication protocols including EAP.’ Basically, if you use Linux whilst connected to the internet, then you best be looking for your Distro’s ‘security patch’ … just run a Google search or check with your Distro’s website. Articles I have been reading don’t mention all the Distros that are vulnerable to CVE-2020-8597, but most suggest that “Most Linux Systems” are vulnerable.
The US-CERT today issued advisory warning users of a new dangerous 17-year-old remote code execution vulnerability affecting the PPP daemon (pppd) software that comes installed on almost all Linux based operating systems, as well as powers the firmware of many other networking devices … snip … The affected pppd software is an implementation of Point-to-Point Protocol (PPP) that enables communication and data transfer between nodes, primarily used to establish internet links such as those over dial-up modems, DSL broadband connections, and Virtual Private Networks … snip … The vulnerability, tracked as CVE-2020-8597 with CVSS Score 9.8, can be exploited by unauthenticated attackers to remotely execute arbitrary code on affected systems and take full control over them.
As I mentioned in the Linux & Malicious Code – ‘Lord ha’ Mercy ‘n Hold yore Penguins!!!’ post, the open source antivirus software sucks for the average Desktop user … if you’re using Linux as your main OS, then I suggest buying a real antivirus program. NOTE: Windows 10 comes with Windows Security so there is no need for a 3rd party antivirus program purchase or the yearly renewal fees. Oh, if you want security for your OS, then Linux is also no longer “Free.”