FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-23 17:01:17 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
bc19dcca-7b13-11e6-b99e-589cfc0654e1dropbear -- multiple vulnerabilities

Matt Johnston reports:

If specific usernames including "%" symbols can be created on a system (validated by getpwnam()) then an attacker could run arbitrary code as root when connecting to Dropbear server. A dbclient user who can control username or host arguments could potentially run arbitrary code as the dbclient user. This could be a problem if scripts or webpages pass untrusted input to the dbclient program.

dropbearconvert import of OpenSSH keys could run arbitrary code as the local dropbearconvert user when parsing malicious key files.

dbclient could run arbitrary code as the local dbclient user if particular -m or -c arguments are provided. This could be an issue where dbclient is used in scripts.

dbclient or dropbear server could expose process memory to the running user if compiled with DEBUG_TRACE and running with -v


Discovery 2016-07-12
Entry 2016-09-15
dropbear
< 2016.74

"http://www.openwall.com/lists/oss-security/2016/09/15/2"
CVE-2016-7406
CVE-2016-7407
CVE-2016-7408
CVE-2016-7409
60931f98-55a7-11e7-8514-589cfc0654e1Dropbear -- two vulnerabilities

Matt Johnston reports:

Fix double-free in server TCP listener cleanup A double-free in the server could be triggered by an authenticated user if dropbear is running with -a (Allow connections to forwarded ports from any host) This could potentially allow arbitrary code execution as root by an authenticated user.

Fix information disclosure with ~/.ssh/authorized_keys symlink. Dropbear parsed authorized_keys as root, even if it were a symlink. The fix is to switch to user permissions when opening authorized_keys.


Discovery 2017-05-18
Entry 2017-07-03
dropbear
< 2017.75

https://matt.ucc.asn.au/dropbear/CHANGES
CVE-2017-9078
CVE-2017-9079