The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled.
References
Link | Resource |
---|---|
http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2017q2/001985.html | Mailing List Patch Third Party Advisory |
http://www.debian.org/security/2017/dsa-3859 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20191004-0006/ | Third Party Advisory |
Information
Published : 2017-05-19 07:29
Updated : 2022-07-11 10:11
NVD link : CVE-2017-9078
Mitre link : CVE-2017-9078
JSON object : View
CWE
CWE-415
Double Free
Products Affected
debian
- debian_linux
netapp
- h410c_firmware
- h410c
dropbear_ssh_project
- dropbear_ssh