116006 – net-misc/dropbear buffer overflow (CVE-2005-4178)

Bug 116006 - net-misc/dropbear buffer overflow (CVE-2005-4178)

Summary: net-misc/dropbear buffer overflow (CVE-2005-4178)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High major
Assignee:	Gentoo Security

URL:	http://cve.mitre.org/cgi-bin/cvename....
Whiteboard:	C1? [glsa] jaervosz
Keywords:

Depends on:
Blocks:

Reported:	2005-12-18 22:46 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified:	2005-12-30 11:21 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2005-12-18 22:46:07 UTC

Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations.

Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2005-12-18 22:47:33 UTC

Vapier please advise and bump as necessary.

Comment 2 SpanKY gentoo-dev

2005-12-19 16:51:55 UTC

version bumped in cvs

Comment 3 Stefan Cornelius (RETIRED) gentoo-dev

2005-12-19 22:46:26 UTC

dear arches, please test and mark stable - thx

Comment 4 Gustavo Zacarias (RETIRED) gentoo-dev

2005-12-20 05:41:04 UTC

sparc stable.

Comment 5 Mark Loeser (RETIRED) gentoo-dev

2005-12-20 09:16:13 UTC

x86 stable

Comment 6 Simon Stelling (RETIRED) gentoo-dev

2005-12-20 10:32:53 UTC

amd64 stable

Comment 7 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev

2005-12-20 11:48:46 UTC

hppa, ppc done

Comment 8 Fernando J. Pereda (RETIRED) gentoo-dev

2005-12-21 01:56:27 UTC

Alpha done. Sorry for the delay.

Cheers,
Ferdy

Comment 9 Stefan Cornelius (RETIRED) gentoo-dev

2005-12-21 02:00:38 UTC

looks like ready for glsa

Comment 10 Stefan Cornelius (RETIRED) gentoo-dev

2005-12-23 03:55:34 UTC

Closing with GLSA 200512-13
Thanks to everybody involved.

Comment 11 Joshua Kinard gentoo-dev

2005-12-30 11:21:37 UTC

Marked stable on mips.