Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200512-13] Dropbear: Privilege escalation Vulnerability Scan
Vulnerability Scan Summary: Dropbear: Privilege escalation
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200512-13
(Dropbear: Privilege escalation)
Under certain conditions Dropbear could fail to allocate a
sufficient amount of memory, possibly resulting in a buffer overflow.
Impact
By sending specially crafted data to the server, authenticated
users could exploit this vulnerability to execute arbitrary code with
the permissions of the SSH server user, which is the root user by
default.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4178
Solution:
All Dropbear users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/dropbear-0.47"
Threat Level: High