Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusTenable700028.PRM
HistoryMar 28, 2017 - 12:00 a.m.

Dropbear SSH < 2016.74.0 Multiple Vulnerabilities

2017-03-2800:00:00
Tenable
www.tenable.com
75
JSON

Dropbear is an SSH client and server application. Versions of Dropbear SSH server prior to 2016.74.0 are potentially vulnerable to the following vulnerabilities :

  • A format string flaw exists that is triggered as string format specifiers (e.g. %s and %x) are not properly used when handling usernames or host arguments. This may allow a remote attacker to potentially execute arbitrary code. (CVE-2016-7406)
  • A flaw exists that is triggered during the handling of specially crafted OpenSSH key files that are imported via ‘dropbearconvert’. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2016-7407)
  • A flaw exists in ‘dbclient’ that is triggered during the handling of ‘-m’ or ‘-c’ arguments, as used in scripts. This may allow a remote attacker to potentially execute arbitrary code. (CVE-2016-7408)
  • A flaw exists in ‘dbclient’ or ‘dropbear server’ that is triggered when compiling with ‘DEBUG_TRACE’ and running with ‘-v’. This may allow a local attacker to gain access to process memory. (CVE-2016-7409)
Binary data 700028.prm
VendorProductVersionCPE
matt_johnstondropbear_ssh_servercpe:/a:matt_johnston:dropbear_ssh_server

Related

nessus 4
openvas 3
freebsd 1
gentoo 1
mageia 1
osv 1
debian 1
prion 4
ubuntucve 4
cve 4
cvelist 4
debiancve 4
nessus
nessus
GLSA-201702-23 : Dropbear: Multiple vulnerabilities
2017-02-21 00:00:00
FreeBSD : dropbear -- multiple vulnerabilities (bc19dcca-7b13-11e6-b99e-589cfc0654e1)
2016-09-16 00:00:00
Dropbear SSH Server < 2016.72 Multiple Vulnerabilities
2016-09-22 00:00:00
openvas
openvas
Dropbear SSH < 2016.74 Multiple Vulnerabilities
2016-11-10 00:00:00
Mageia: Security Advisory (MGASA-2016-0301)
2022-01-28 00:00:00
Debian: Security Advisory (DLA-634-1)
2023-03-08 00:00:00
freebsd
freebsd
dropbear -- multiple vulnerabilities
2016-07-12 00:00:00
gentoo
gentoo
Dropbear: Multiple vulnerabilities
2017-02-20 00:00:00
mageia
mageia
Updated dropbear packages fix security vulnerability
2016-09-16 12:27:13
osv
osv
dropbear - security update
2016-09-23 00:00:00
debian
debian
[SECURITY] [DLA 634-1] dropbear security update
2016-09-23 19:26:54
prion
prion
Code injection
2017-03-03 16:59:00
Format string
2017-03-03 16:59:00
Design/Logic Flaw
2017-03-03 16:59:00
ubuntucve
ubuntucve
CVE-2016-7406
2017-03-03 00:00:00
CVE-2016-7408
2017-03-03 00:00:00
CVE-2016-7409
2017-03-03 00:00:00
cve
cve
CVE-2016-7406
2017-03-03 16:59:00
CVE-2016-7408
2017-03-03 16:59:00
CVE-2016-7409
2017-03-03 16:59:00
cvelist
cvelist
CVE-2016-7406
2017-03-03 16:00:00
CVE-2016-7408
2017-03-03 16:00:00
CVE-2016-7409
2017-03-03 16:00:00
debiancve
debiancve
CVE-2016-7408
2017-03-03 16:59:00
CVE-2016-7406
2017-03-03 16:59:00
CVE-2016-7409
2017-03-03 16:59:00
JSON
Related for 700028.PRM
nessus4openvas3freebsd1gentoo1mageia1osv1debian1prion4ubuntucve4cve4cvelist4debiancve4