Bug 116006

Summary: net-misc/dropbear buffer overflow (CVE-2005-4178)
Product: Gentoo Security
Reporter: Sune Kloppenborg Jeppesen (RETIRED) <jaervosz>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4178
Whiteboard: C1? [glsa] jaervosz
Package list:
Runtime testing required: ---

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-12-18 22:46:07 UTC
Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations.
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-12-18 22:47:33 UTC
Vapier please advise and bump as necessary.
Comment 2 SpanKY gentoo-dev 2005-12-19 16:51:55 UTC
version bumped in cvs
Comment 3 Stefan Cornelius (RETIRED) gentoo-dev 2005-12-19 22:46:26 UTC
dear arches, please test and mark stable - thx
Comment 4 Gustavo Zacarias (RETIRED) gentoo-dev 2005-12-20 05:41:04 UTC
sparc stable.
Comment 5 Mark Loeser (RETIRED) gentoo-dev 2005-12-20 09:16:13 UTC
x86 stable
Comment 6 Simon Stelling (RETIRED) gentoo-dev 2005-12-20 10:32:53 UTC
amd64 stable
Comment 7 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-12-20 11:48:46 UTC
hppa, ppc done
Comment 8 Fernando J. Pereda (RETIRED) gentoo-dev 2005-12-21 01:56:27 UTC
Alpha done. Sorry for the delay.

Cheers,
Ferdy
Comment 9 Stefan Cornelius (RETIRED) gentoo-dev 2005-12-21 02:00:38 UTC
looks like ready for glsa
Comment 10 Stefan Cornelius (RETIRED) gentoo-dev 2005-12-23 03:55:34 UTC
Closing with GLSA 200512-13
Thanks to everybody involved.
Comment 11 Joshua Kinard gentoo-dev 2005-12-30 11:21:37 UTC
Marked stable on mips.