PT-2017-9182 · Dropbear+1 · Dropbear Ssh+1

Andrej Nemec

·

Published

2016-07-26

·

Updated

2017-03-04

·

CVE-2016-7408

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Dropbear SSH versions prior to 2016.74
Description The issue allows remote attackers to execute arbitrary code via crafted arguments, specifically the -m or -c argument.
Recommendations For versions prior to 2016.74, update to version 2016.74 or later to resolve the issue.

Fix

RCE

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

ALT-PU-2016-1786
CVE-2016-7408
MGASA-2016-0301

Affected Products

Alt Linux
Dropbear Ssh