Dropbear is an SSH client and server application. Versions of Dropbear SSH server prior to 2016.74.0 are potentially vulnerable to the following vulnerabilities :
- A format string flaw exists that is triggered as string format specifiers (e.g. %s and %x) are not properly used when handling usernames or host arguments. This may allow a remote attacker to potentially execute arbitrary code. (CVE-2016-7406)
- A flaw exists that is triggered during the handling of specially crafted OpenSSH key files that are imported via ‘dropbearconvert’. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2016-7407)
- A flaw exists in ‘dbclient’ that is triggered during the handling of ‘-m’ or ‘-c’ arguments, as used in scripts. This may allow a remote attacker to potentially execute arbitrary code. (CVE-2016-7408)
- A flaw exists in ‘dbclient’ or ‘dropbear server’ that is triggered when compiling with ‘DEBUG_TRACE’ and running with ‘-v’. This may allow a local attacker to gain access to process memory. (CVE-2016-7409)