# cve-2020-8597-pptpd
You can use this code to check whether your PPTPD server is likely vulnerable to CVE-2020-8597.

Usage:

```
prompt# ./pptp_poc.py
Usage ./pptp_poc.py PPTP_Server to test for CVE-2020-8597
```

A server that does not answer after the oversized EAP packet is reported as likely vulnerable:

```
prompt# ./pptp_poc.py 172.19.12.21
Initiating communications with PPTP server 172.19.12.21
Connected to PPTP server, now sending large buffer to peer to attempt buffer overflow
Server 172.19.12.21 is likely vulnerable, did not return anything after EAP packet
```

Set `DEBUG=1` in the environment to print the exchange with the server:

```
prompt# DEBUG=1 ./pptp_poc.py 172.19.12.24
Initiating communications with PPTP server 172.19.12.24
.... debug info ....
Connected to PPTP server, now sending large buffer to peer to attempt buffer overflow
Server 172.19.12.24 is likely vulnerable, did not return anything after EAP packet
```

A server that keeps responding is checked once more with a PPP Echo request before being reported as likely not vulnerable:

```
prompt# ./pptp_poc.py 172.19.12.254
Initiating communications with PPTP server 172.19.12.254
Connected to PPTP server, now sending large buffer to peer to attempt buffer overflow
Server 172.19.12.254 is likely NOT vulnerable to buffer overflow
Verifying peer 172.19.12.254 one more time using a Echo request to the peer
Received a normal PPP Echo Reply, System is mostly likely NOT vulnerable
```
Sample PCAP files with the exploit (and without it) and matching Snort rules are included in this repository. Read the `cve-2020-8597-pptpd.rules` file for details.
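For readers who want to reproduce the detection side of this outside Snort, the following added example (not part of this repository) parses a single PPP EAP packet and flags an MD5-Challenge whose name field is longer than pppd can hold. The threshold of 256 bytes is an assumption taken from the size of the `rhostname` stack buffer in pppd's `eap.c`, which is what the upstream fix for CVE-2020-8597 bounds-checks; adjust it if your build differs. The packets it is run against are constructed inline as test vectors; nothing is sent to a server.

```python
import struct

PPP_PROTO_EAP = 0xC227            # PPP protocol number for EAP frames
EAP_REQUEST, EAP_RESPONSE = 1, 2  # RFC 3748 code values
EAP_TYPE_MD5_CHALLENGE = 4        # RFC 3748 type 4: value-size, value, name
# Assumed size of the rhostname buffer pppd copies the EAP name into
# (taken from the CVE-2020-8597 fix in eap.c; not a value from this repository).
RHOSTNAME_BUF = 256


def build_eap_md5(code, ident, value, name):
    """Construct an EAP MD5-Challenge packet to use as a test vector for
    inspect_eap(). Layout: code(1) id(1) length(2) type(1) value-size(1)
    value(value-size) name(rest)."""
    body = bytes([EAP_TYPE_MD5_CHALLENGE, len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def inspect_eap(payload):
    """Parse one EAP packet (optionally preceded by the 0xC227 PPP protocol
    field) and report whether an MD5-Challenge request/response carries a
    name longer than pppd's rhostname buffer. Returns a small dict with a
    verdict of 'ok', 'suspicious', 'malformed' or 'ignore'."""
    if len(payload) >= 2 and struct.unpack("!H", payload[:2])[0] == PPP_PROTO_EAP:
        payload = payload[2:]                       # strip PPP protocol field
    if len(payload) < 4:
        return {"verdict": "malformed", "reason": "short EAP header"}
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if length < 4 or length > len(payload):
        return {"verdict": "malformed", "reason": "EAP length exceeds frame"}
    if code not in (EAP_REQUEST, EAP_RESPONSE) or length < 5:
        return {"verdict": "ignore", "reason": "not a typed request/response"}
    eap_type = payload[4]
    if eap_type != EAP_TYPE_MD5_CHALLENGE:
        return {"verdict": "ignore", "reason": f"EAP type {eap_type}"}
    if length < 6:
        return {"verdict": "malformed", "reason": "MD5-Challenge without value-size"}
    type_data = payload[5:length]                   # value-size, value, name
    value_size = type_data[0]
    remaining = len(type_data) - 1                  # bytes after value-size
    if value_size < 8 or value_size > remaining:
        # pppd rejects these before reaching the name copy; log, do not flag
        return {"verdict": "malformed", "reason": "bad MD5 value-size"}
    name_len = remaining - value_size
    return {
        "verdict": "suspicious" if name_len >= RHOSTNAME_BUF else "ok",
        "code": code,
        "id": ident,
        "name_len": name_len,
    }


def count_suspicious(frames):
    """Run inspect_eap over a sequence of EAP payloads and count hits."""
    return sum(1 for f in frames if inspect_eap(f)["verdict"] == "suspicious")


if __name__ == "__main__":
    # Constructed test vectors: one ordinary challenge, one with an oversized name.
    samples = [
        build_eap_md5(EAP_REQUEST, 1, b"\x11" * 16, b"pppd-server"),
        build_eap_md5(EAP_RESPONSE, 2, b"\x22" * 16, b"A" * 300),
    ]
    for s in samples:
        print(inspect_eap(s))
    print("suspicious packets:", count_suspicious(samples))
```

To use this against the repository's sample PCAPs, extract the EAP payloads from the PPP-over-GRE frames with your capture tool of choice and feed each one to `inspect_eap()`; a frame reported `suspicious` is the same condition the included Snort rules are meant to catch.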
Copyright and license: See License under https://github.com/CERTCC/PoC-Exploits