Summary: | <net-misc/dropbear-2016.74: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tim <tmhikaru> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | embedded |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://matt.ucc.asn.au/dropbear/CHANGES | ||
Whiteboard: | A2 [glsa cve] | ||
Package list: | =net-misc/dropbear-2016.74 | ||
Runtime testing required: | --- |
Description
Tim
2017-01-13 09:51:26 UTC
Thank you for the report!

From $URL:

2016.74 - 21 July 2016

- Security: Message printout was vulnerable to format string injection. If specific usernames including "%" symbols can be created on a system (validated by getpwnam()) then an attacker could run arbitrary code as root when connecting to Dropbear server. A dbclient user who can control username or host arguments could potentially run arbitrary code as the dbclient user. This could be a problem if scripts or webpages pass untrusted input to the dbclient program. CVE-2016-7406 https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb

- Security: dropbearconvert import of OpenSSH keys could run arbitrary code as the local dropbearconvert user when parsing malicious key files CVE-2016-7407 https://secure.ucc.asn.au/hg/dropbear/rev/34e6127ef02e

- Security: dbclient could run arbitrary code as the local dbclient user if particular -m or -c arguments are provided. This could be an issue where dbclient is used in scripts. CVE-2016-7408 https://secure.ucc.asn.au/hg/dropbear/rev/eed9376a4ad6

- Security: dbclient or dropbear server could expose process memory to the running user if compiled with DEBUG_TRACE and running with -v CVE-2016-7409 https://secure.ucc.asn.au/hg/dropbear/rev/6a14b1f6dc04

The security issues were reported by an anonymous researcher working with Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html

- Fix port forwarding failure when connecting to domains that have both IPv4 and IPv6 addresses. The bug was introduced in 2015.68

- Fix 100% CPU use while waiting for rekey to complete. Thanks to Zhang Hui P for the patch

@ Maintainer(s): Can we start stabilization of =net-misc/dropbear-2016.74

@ Arches, please test and mark stable: =net-misc/dropbear-2016.74

Stable for HPPA PPC64.

amd64 stable

x86 stable

ppc stable

sparc stable

ia64 stable

Stable on alpha.

arm stable, all arches done.

GLSA request filed

@ Maintainer(s): Please cleanup and drop =net-misc/dropbear-2016.73!
This issue was resolved and addressed in GLSA 201702-23 at https://security.gentoo.org/glsa/201702-23 by GLSA coordinator Thomas Deutschmann (whissi).

Re-opening for cleanup.

@ Maintainer(s): Please cleanup and drop =net-misc/dropbear-2016.73!
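The format string class behind CVE-2016-7406 in the changelog quoted above, as an added example that is not part of this bug report and is not Dropbear's code: a message printout that splices a username into a buffer and then reuses that buffer as a format, next to the corrected form. The function names and the constructed username `tim%%` are assumptions chosen for illustration; `%%` is used because it shows the reinterpretation without reading any arguments.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style message printer of the kind a daemon uses
 * for log and exit messages. */
static void log_fmt(char *out, size_t outlen, const char *format, ...)
{
    va_list ap;
    va_start(ap, format);
    vsnprintf(out, outlen, format, ap);
    va_end(ap);
}

/* Vulnerable pattern: the username is formatted into fmtbuf, and fmtbuf
 * is then passed as the FORMAT of a second printf-style call, so any
 * '%' in the username is parsed as a conversion directive. */
static void exit_msg_unsafe(char *out, size_t outlen,
                            const char *user, const char *reason)
{
    char fmtbuf[256];
    snprintf(fmtbuf, sizeof fmtbuf, "Exit (%s): %s", user, reason);
    log_fmt(out, outlen, fmtbuf);
}

/* Corrected pattern: the format is a constant string literal and the
 * username is only ever passed as data for a %s conversion. */
static void exit_msg_safe(char *out, size_t outlen,
                          const char *user, const char *reason)
{
    log_fmt(out, outlen, "Exit (%s): %s", user, reason);
}

int main(void)
{
    const char *user = "tim%%";   /* constructed sample username */
    char a[128], b[128];

    exit_msg_unsafe(a, sizeof a, user, "bye");
    exit_msg_safe(b, sizeof b, user, "bye");
    printf("unsafe: %s\nsafe:   %s\n", a, b);
    return 0;
}
```

Declaring `log_fmt` with GCC/Clang's `__attribute__((format(printf, 3, 4)))` and building with `-Wformat -Wformat-security` makes the compiler flag the call in `exit_msg_unsafe`.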