Package dropbear updated to version 2016.74-alt1 for branch sisyphus in task 167471.

Published: 2016-07-12

BDU:2017-02586

Уязвимость пакета программ для организации сеансов связи по протоколу SSH Dropbear, связанная с недостаточной проверкой входных данных, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-03-03

BDU:2017-02587

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-03-03
Modified: 2024-11-21

CVE-2016-7406

Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-03-03
Modified: 2024-11-21

CVE-2016-7407

The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-03-03
Modified: 2024-11-21

CVE-2016-7408

The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c argument.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-03-03
Modified: 2024-11-21

CVE-2016-7409

The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUG_TRACE, allows local users to read process memory via the -v argument, related to a failed remote ident.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Version: 2.1.0

Package dropbear update in sisyphus on 2016-07-26

ALT-PU-2016-1786-1

Closed vulnerabilities

BDU:2017-02586

BDU:2017-02587

CVE-2016-7406

CVE-2016-7407

CVE-2016-7408

CVE-2016-7409