A cikin kunshin ppd (), ba ku damar aiwatar da lambar ku ta hanyar aika buƙatun tabbatarwa na musamman zuwa tsarin ta amfani da ka'idar PPP (Point-to-Point Protocol) ko PPPoE (PPP over Ethernet). Ana amfani da waɗannan ka'idoji ta hanyar masu samarwa don tsara haɗin kai ta hanyar Ethernet ko DSL, kuma ana amfani da su a wasu VPNs (misali, pptpd da ). Don bincika idan matsalar ta shafi tsarin ku amfani da samfur.
Rashin lahani yana faruwa ne ta hanyar buffer ambaliya a cikin aiwatar da yarjejeniyar tabbatar da EAP (Extensible Authentication Protocol). Za a iya kai harin a matakin tantancewa ta hanyar aika fakiti mai nau'in EAPT_MD5CHAP, gami da sunan mai tsawo mai tsayi wanda bai dace da ma'ajin da aka kebe ba. Saboda kwaro a cikin lambar don bincika girman filin rhostname, maharin zai iya sake rubuta bayanai a wajen ma'ajin da ke kan tari kuma ya cimma aiwatar da lambar su mai nisa tare da haƙƙin tushen. Rashin lahani yana bayyana kansa akan uwar garken da bangarorin abokin ciniki, watau. Ba wai uwar garken kadai za a iya kaiwa hari ba, har ma da abokin ciniki da ke ƙoƙarin haɗawa da uwar garken da maharin ke sarrafa (misali, maharin zai iya fara hacking uwar garken ta hanyar rashin lahani, sannan ya fara kai hari ga abokan hulɗa).
Matsalar tana shafar iri daga 2.4.2 zuwa 2.4.8 hade da kuma kawar da su a cikin tsari . Rashin lahani kuma tari , amma saitin tsoho a cikin lwIP baya kunna tallafin EAP.
Ana iya duba matsayin gyara matsalar a cikin kayan rarrabawa akan waɗannan shafuka: , , , , , , , . A kan RHEL, OpenWRT da SUSE, an gina fakitin pppd tare da kunna kariyar "Stack Smashing Protection" (yanayin "-fstack-protector" a cikin gcc), wanda ke iyakance cin nasara ga gazawa. Baya ga rarrabawa, an kuma tabbatar da raunin a wasu samfuran (Mai sarrafa kira) da Synology (Mai sarrafa DiskStation, VisualStation VS960HD da Mai sarrafa na'ura mai ba da hanya tsakanin hanyoyin sadarwa) ta amfani da lambar pppd ko lwIP.
source: budenet.ru