漏洞类别:General remote services
漏洞等级: 
漏洞信息
Dropbear is a software package that provides a Secure Shell-compatible server and client. It is designed as a replacement for standard OpenSSH for environments with low memory and processor resources, such as embedded systems.
Dropbear SSH contains the following vulnerabilites:
CVE-2016-7406: Format string vulnerability in Dropbear SSH allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.
CVE-2016-7407: The dropbearconvert command in Dropbear SSH allows attackers to execute arbitrary code via a crafted OpenSSH key file.
CVE-2016-7408: dbclient could run arbitrary code as the local dbclient user if particular -m or -c arguments are provided. This could be an issue where dbclient is used in scripts. Successfully exploiting this issue will allow the attacker to execute arbitrary code within the context of an application using the affected library.
CVE-2016-7409: The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUG_TRACE, allows local users to read process memory via the -v argument, related to a failed remote ident. Dropbear SSH is prone to a remote information disclosure vulnerability. Successfully exploiting this issue will allow the attacker to gain sensitive information.
Affected Versions:
Dropbear SSH prior to 2016.74
QID Detection Logic (Authenticated):
This authenticated detection matches vulnerable versions of the Dropbear SSH client by running the "dripbear -V" command.
QID Detection Logic (Unauthenticated):
This unauthenticated detection matches vulnerable versions of Dropbear SSH based on the banner disclosed by the remote service.
漏洞危害
Depending on the vulnerability being exploited, an unauthenticated remote attacker could execute arbitrary code, gain sensitive information or cause a denial-of-service condition on a targeted server.
解决方案
Customers are advised to upgrade to Dropbear SSH 2016.74 or later versions to remediate these vulnerabilities.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论