GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Wed Jul 20, 2016 9:26 am Post subject: [ GLSA 201607-08 ] Dropbear
Gentoo Linux Security Advisory
Title: Dropbear: Privilege escalation (GLSA 201607-08)
Severity: normal
Exploitable: remote
Date: July 20, 2016
Bug(s): #577050
ID: 201607-08
Synopsis
A vulnerability has been found in Dropbear, which allows remote
authenticated users to bypass intended shell-command restrictions.
Background
Dropbear is a relatively small SSH server and client.
Affected Packages
Package: net-misc/dropbear
Vulnerable: < 2016.73
Unaffected: >= 2016.73
Architectures: All supported architectures
Description
A CRLF injection vulnerability in Dropbear SSH allows remote
authenticated users to bypass intended shell-command restrictions via
crafted X11 forwarding data.
Impact
A remote authenticated user could execute arbitrary code with the
privileges of the process.
Workaround
There is no known workaround at this time.
Resolution
All Dropbear users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/dropbear-2016.73"
References
CVE-2016-3116
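The Description above attributes the flaw to CRLF injection through X11 forwarding data. As an added example (not Dropbear's code and not part of the advisory), the C code below applies allowlist validation to the two strings an SSH x11-req request carries under RFC 4254, the authentication protocol name and the hex-encoded cookie. That these are the fields concerned, the function names and the length limits are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <stddef.h>

#define X11_PROTO_MAX  64   /* assumed bound for this example */
#define X11_COOKIE_MAX 256  /* assumed bound for this example */

/* Auth protocol name: allowlist of alphanumerics plus '-', '_' and '.'.
 * CR, LF, NUL, spaces and all other bytes are rejected. The length is
 * explicit because SSH strings are length-prefixed and may contain NUL. */
int x11_proto_valid(const char *s, size_t len)
{
    if (s == NULL || len == 0 || len > X11_PROTO_MAX)
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isalnum(c) && c != '-' && c != '_' && c != '.')
            return 0;
    }
    return 1;
}

/* Auth cookie: RFC 4254 says it is hexadecimal encoded, so accept only
 * hex digits; requiring an even count is this example's own strictness. */
int x11_cookie_valid(const char *s, size_t len)
{
    if (s == NULL || len == 0 || len > X11_COOKIE_MAX || (len % 2) != 0)
        return 0;
    for (size_t i = 0; i < len; i++)
        if (!isxdigit((unsigned char)s[i]))
            return 0;
    return 1;
}

/* Both fields must pass before either reaches a helper program. */
int x11_req_valid(const char *p, size_t plen, const char *c, size_t clen)
{
    return x11_proto_valid(p, plen) && x11_cookie_valid(c, clen);
}

int main(void)
{
    /* Constructed sample values, not captured traffic. */
    const char good_p[] = "MIT-MAGIC-COOKIE-1", good_c[] = "0123456789abcdef";
    const char bad_c[] = "0123\r\nabcd";   /* cookie carrying CR LF */
    printf("clean: %d\n", x11_req_valid(good_p, sizeof good_p - 1, good_c, sizeof good_c - 1));
    printf("crlf:  %d\n", x11_req_valid(good_p, sizeof good_p - 1, bad_c, sizeof bad_c - 1));
    return 0;
}
```

Rejecting by allowlist rather than stripping CR and LF also covers embedded NUL bytes and whitespace, which a line-oriented consumer could treat as separators.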