MGASA-2016-0301

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2016-0301.html

Import Source

https://advisories.mageia.org/MGASA-2016-0301.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2016-0301

Related

Published

2016-09-16T09:27:13Z

Modified

2016-09-15T14:47:52Z

Summary

Updated dropbear packages fix security vulnerability

Details

Message printout was vulnerable to format string injection.

If specific usernames including "%" symbols can be created on a system (validated by getpwnam()) then an attacker could run arbitrary code as root when connecting to Dropbear server. Also, a dbclient user who can control username or host arguments could potentially run arbitrary code as the dbclient user. This could be a problem if scripts or webpages pass untrusted input to the dbclient program (CVE-2016-7406).

dropbearconvert import of OpenSSH keys could run arbitrary code as the local dropbearconvert user when parsing malicious key files (CVE-2016-7607).

dbclient could run arbitrary code as the local dbclient user if particular -m or -c arguments are provided. This could be an issue where dbclient is used in scripts (CVE-2016-7408).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / dropbear

Package

Name: dropbear
Purl: pkg:rpm/mageia/dropbear?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2014.66-1.2.mga5

Ecosystem specific

{
    "section": "core"
}