CVE-2016-7406
Published 2017-03-03
Priority: P261, critical, 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 10.49% (95.2th percentile)
Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | dropbear | < dropbear 2016.74-1 (bookworm) | dropbear 2016.74-1 (bookworm) |
| dropbear_ssh_project | dropbear_ssh | <= 2016.73 | — |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 2016.74-1 | 2016.74-1 |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 2016.74-1 | 2016.74-1 |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 2016.74-1 | 2016.74-1 |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 2016.74-1 | 2016.74-1 |
Detection & IOCs
- Exploit vector targets format string specifiers injected into the username or host argument of Dropbear SSH connections; monitor SSH authentication logs for usernames or hostnames containing printf-style format specifiers (e.g., %s, %x, %n).
- Vulnerability is fixed in Dropbear SSH version 2016.74; any instance running a version prior to 2016.74 is vulnerable and should be prioritized for patching.
- Debian packages resolved this in version 2016.74-1 across bookworm, bullseye, forky, sid, and trixie; verify installed package version on Debian-based systems.
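One way to run the log check from the first bullet, as an added example that is not code from this page or from the Dropbear project. The log line shape, the sample lines and the function names are assumptions constructed for illustration; adapt `AUTH_LINE` to the format your hosts actually emit.

```python
import re

# One printf conversion: %[n$][flags][width][.precision][length]<conversion>
FORMAT_SPEC = re.compile(
    r"%(?:\d+\$)?[-+ #0]*(?:\d+|\*)?(?:\.(?:\d+|\*)?)?"
    r"(?:hh|h|ll|l|j|z|t|L)?[diouxXeEfgGaAcspn]"
)

# Assumed line shape (constructed for this example, not taken from the page):
#   ... for '<user>' from <host>:<port>
AUTH_LINE = re.compile(r"for '(?P<user>.*)' from (?P<host>\S+):(?P<port>\d+)\s*$")

# Constructed sample lines; addresses come from documentation ranges.
SAMPLE_LOG = """\
Sep 15 10:01:02 gw dropbear[411]: Bad password attempt for 'alice' from 192.0.2.10:50122
Sep 15 10:01:09 gw dropbear[412]: Bad password attempt for 'a%x%x%n' from 192.0.2.44:50300
Sep 15 10:02:30 gw dropbear[415]: Password auth succeeded for 'bob' from 198.51.100.7:40022
Sep 15 10:03:11 gw dropbear[419]: Bad password attempt for 'svc%08x.%s' from 192.0.2.44:50311
Sep 15 10:04:00 gw dropbear[420]: Bad password attempt for '100%' from 192.0.2.9:50400
"""

def find_format_specifiers(value):
    """Return every printf-style conversion found in an untrusted field."""
    return FORMAT_SPEC.findall(value)

def scan_auth_log(lines):
    """Return one finding per user/host field that carries a conversion."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        match = AUTH_LINE.search(line)
        if match is None:
            continue  # not an auth line in the assumed shape
        for field in ("user", "host"):
            specs = find_format_specifiers(match.group(field))
            if specs:
                findings.append({
                    "line": lineno, "field": field,
                    "value": match.group(field), "specs": specs,
                    # %n makes printf write to memory, so rank it above read-only leaks
                    "writes_memory": any(s.endswith("n") for s in specs),
                })
    return findings

if __name__ == "__main__":
    for finding in scan_auth_log(SAMPLE_LOG.splitlines()):
        print(finding)
```

A legitimate name such as `sales%department` also matches (`%d`), so treat hits as triage leads and weight `%n` findings highest.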
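CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | | 9.8 | CRITICAL | |
| vendor_debian | | 9.8 | CRITICAL | |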
Debian
vendor_debian·2016·CVSS 9.8
Scope: local
bookworm: resolved (fixed in 2016.74-1)
bullseye: resolved (fixed in 2016.74-1)
forky: resolved (fixed in 2016.74-1)
sid: resolved (fixed in 2016.74-1)
trixie: resolved (fixed in 2016.74-1)
GHSA
ghsa_unreviewed·2022-05-17
CVE-2016-7406 [CRITICAL] CWE-20 GHSA-jvpx-9hv9-4qf6
OSV
osv·2017-03-03·CVSS 9.8
No detection rules found.
No public exploits indexed.
- http://www.openwall.com/lists/oss-security/2016/09/15/2
- http://www.securityfocus.com/bid/92974
- https://bugzilla.redhat.com/show_bug.cgi?id=1376353
- https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb
- https://security.gentoo.org/glsa/201702-23
- http://seclists.org/fulldisclosure/2024/Aug/35
Published: 2017-03-03