[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: More info ? Re: [Full-disclosure] [SECURITY] [DSA 923-1] New dropbear packages fix arbitrary code execution

To: Rodrigo Barbosa <rodrigob@xxxxxxxxxxxxxxx>
Subject: Re: More info ? Re: [Full-disclosure] [SECURITY] [DSA 923-1] New dropbear packages fix arbitrary code execution
From: Florian Weimer <fw@xxxxxxxxxxxxx>
Date: Mon, 19 Dec 2005 20:53:43 +0100

* Rodrigo Barbosa:

> On Mon, Dec 19, 2005 at 06:54:40AM +0100, Martin Schulze wrote:
>> A buffer overflow has been discovered in dropbear, a lightweight SSH2
>> server and client, that may allow authenticated users to execute
>> arbitrary code as the server user (usually root).
>
> Does anyone can provide pointers to this issue ? Maybe a paper ?

Look up CVE-2005-4178 in NVD, and you'll find a reference to Matt
Johnston's announcement:

<http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2005q4/000312.html>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] [SECURITY] [DSA 923-1] New dropbear packages fix arbitrary code execution
  - From: Martin Schulze
- More info ? Re: [Full-disclosure] [SECURITY] [DSA 923-1] New dropbear packages fix arbitrary code execution
  - From: Rodrigo Barbosa

Prev by Date: Re: [Full-disclosure] [Clips] A small editorial about recent events. (fwd)
Next by Date: Re: [Full-disclosure] .An uncontrolled fiscal crisis.. America.s future under George Bush.
Previous by thread: More info ? Re: [Full-disclosure] [SECURITY] [DSA 923-1] New dropbear packages fix arbitrary code execution
Next by thread: [Full-disclosure] Re: Report to Recipient(s): Banned Content
Index(es):
- Date
- Thread