Dropbear SSH Server DSS Verification Memory Error May Let Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1010785
|
|
SecurityTracker URL: http://securitytracker.com/id?1010785
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Jul 27 2004
|
Impact: Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): prior to 0.43
|
Description: A vulnerability was reported in Dropbear SSH Server. A remote user may be able to execute arbitrary code on the target system.
The vendor reported that the DSS verification software may attempt to free() uninitialized variables, potenially allowing a remote
user to cause arbitrary code to be executed on the target system with the privileges of the Dropbear SSH Server.
Systems that
have DSS and pubkey-auth compiled in are affected.
The vendor credits Arne Bernin with reporting this flaw.
|
Impact: A remote user may be able to execute arbitrary code on the target system with the privileges of the Dropbear SSH daemon.
|
Solution: The vendor has released a fixed version (0.43), available at:
http://matt.ucc.asn.au/dropbear/
|
Vendor URL: matt.ucc.asn.au/dropbear/dropbear.html (Links to External Site)
|
Cause: State error
|
Underlying OS: Linux (Any), UNIX (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 27 Jul 2004 02:20:36 -0400
Subject: http://matt.ucc.asn.au/dropbear/CHANGES
|
http://matt.ucc.asn.au/dropbear/CHANGES
> 0.43 - Fri Jul 16 2004 17:44:54 +0800
>
> - SECURITY: Don't try to free() uninitialised variables in DSS verification
> code. Thanks to Arne Bernin for pointing out this bug. This is possibly
> exploitable, all users with DSS and pubkey-auth compiled in are advised to
> upgrade.
|
|
