MGASA-2016-0301

Source
https://advisories.mageia.org/MGASA-2016-0301.html
Import Source
https://advisories.mageia.org/MGASA-2016-0301.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2016-0301
Related
Published
2016-09-16T09:27:13Z
Modified
2016-09-15T14:47:52Z
Summary
Updated dropbear packages fix security vulnerability
Details

Message printout was vulnerable to format string injection.

If specific usernames including "%" symbols can be created on a system (validated by getpwnam()) then an attacker could run arbitrary code as root when connecting to Dropbear server. Also, a dbclient user who can control username or host arguments could potentially run arbitrary code as the dbclient user. This could be a problem if scripts or webpages pass untrusted input to the dbclient program (CVE-2016-7406).

dropbearconvert import of OpenSSH keys could run arbitrary code as the local dropbearconvert user when parsing malicious key files (CVE-2016-7607).

dbclient could run arbitrary code as the local dbclient user if particular -m or -c arguments are provided. This could be an issue where dbclient is used in scripts (CVE-2016-7408).

References
Credits

Affected packages

Mageia:5 / dropbear

Package

Name
dropbear
Purl
pkg:rpm/mageia/dropbear?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2014.66-1.2.mga5

Ecosystem specific

{
    "section": "core"
}