ID CVE-2017-9078
Summary The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled.
References
Vulnerable Configurations
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2016.74
CVSS
Base: 9.3
Impact:
Exploitability:
CWE CWE-415
CAPEC
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-A50319C820.NASL
    description Security fixes for CVE-2017-9078 CVE-2017-9079. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-04
    modified 2018-02-02
    plugin id 101694
    published 2017-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101694
    title Fedora 26 : dropbear (2017-a50319c820)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-8E9BD58CBB.NASL
    description Security fixes for CVE-2017-9078 CVE-2017-9079. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-04
    modified 2018-02-02
    plugin id 100607
    published 2017-06-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100607
    title Fedora 25 : dropbear (2017-8e9bd58cbb)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3859.NASL
    description Two vulnerabilities were found in Dropbear, a lightweight SSH2 server and client: (1) CVE-2017-9078: Mark Shepard discovered a double free in the TCP listener cleanup which could result in denial of service by an authenticated user if Dropbear is running with the '-a' option. (2) CVE-2017-9079: Jann Horn discovered a local information leak in parsing the .authorized_keys file.
    last seen 2018-01-30
    modified 2018-01-29
    plugin id 100306
    published 2017-05-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100306
    title Debian DSA-3859-1 : dropbear - security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-B22DE5C767.NASL
    description Security fixes for CVE-2017-9078 CVE-2017-9079. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-04
    modified 2018-02-02
    plugin id 100608
    published 2017-06-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100608
    title Fedora 24 : dropbear (2017-b22de5c767)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_60931F9855A711E78514589CFC0654E1.NASL
    description Matt Johnston reports: Fix double-free in server TCP listener cleanup. A double-free in the server could be triggered by an authenticated user if dropbear is running with -a (Allow connections to forwarded ports from any host). This could potentially allow arbitrary code execution as root by an authenticated user. Fix information disclosure with ~/.ssh/authorized_keys symlink. Dropbear parsed authorized_keys as root, even if it were a symlink. The fix is to switch to user permissions when opening authorized_keys.
    last seen 2018-02-02
    modified 2018-02-01
    plugin id 101217
    published 2017-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101217
    title FreeBSD : Dropbear -- two vulnerabilities (60931f98-55a7-11e7-8514-589cfc0654e1)
refmap via4
confirm http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2017q2/001985.html
debian DSA-3859
Last major update 19-05-2017 - 10:29
Published 19-05-2017 - 10:29
Last modified 03-11-2017 - 21:29