1. CVE-Search
  2. CVE-2017-9078
ID CVE-2017-9078
Summary The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled.
References
Vulnerable Configurations
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.28:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.28:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.29:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.29:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.30:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.30:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.31:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.31:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.32:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.32:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.33:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.33:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.34:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.34:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.35:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.35:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.36:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.36:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.37:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.37:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.38:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.38:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.39:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.39:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.40:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.40:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.41:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.41:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.42:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.42:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.43:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.43:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test1:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test1:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test2:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test2:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test3:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test3:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test4:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test4:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.45:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.45:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.46:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.46:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.47:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.47:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.48:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.48:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.48.1:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.48.1:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.49:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.49:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.50:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.50:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.51:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.51:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.52:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.52:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.53:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.53:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.53.1:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.53.1:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2011.54:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2011.54:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2012.54:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2012.54:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2012.55:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2012.55:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.56:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.56:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.57:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.57:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.58:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.58:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.59:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.59:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.60:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.60:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.61:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.61:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.61:test:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.61:test:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.62:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.62:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2014.63:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2014.63:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2014.64:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2014.64:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2014.65:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2014.65:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2014.66:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2014.66:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2015.67:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2015.67:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2015.68:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2015.68:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2015.69:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2015.69:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2015.70:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2015.70:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2015.71:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2015.71:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2016.72:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2016.72:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2016.73:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2016.73:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2016.74:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2016.74:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
    cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
CVSS
Base: 8.5 (as of 11-07-2022 - 17:11)
Impact:
Exploitability:
CWE CWE-415
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM SINGLE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:S/C:C/I:C/A:C
refmap via4
confirm
debian DSA-3859
Last major update 11-07-2022 - 17:11
Published 19-05-2017 - 14:29
Last modified 11-07-2022 - 17:11
Back to Top