CVE-2016-7408Improper Access Control in Dropbear

CWE-284Improper Access Control5 documents5 sources
Severity
8.8HIGHNVD
EPSS
1.5%
top 18.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dropbear SSH Project Dropbear SSHDebian Dropbear
Timeline
PublishedMar 3
Latest updateMay 17

Description

The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c argument.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

debiandebian/dropbear< dropbear 2016.74-1 (bookworm)
Debiandropbear_ssh_project/dropbear_ssh< 2016.74-1+3

Patches

Patch: secure.ucc.asn.auPatch: security.gentoo.orgPatch: secure.ucc.asn.au

🔴Vulnerability Details

2
GHSA
GHSA-2qq2-3mq9-pfmj: The dbclient in Dropbear SSH before 20162022-05-17
OSV
CVE-2016-7408: The dbclient in Dropbear SSH before 20162017-03-03

📋Vendor Advisories

1
Debian
CVE-2016-7408: dropbear - The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute a...2016

💬Community

1
Bugzilla
CVE-2016-7406 CVE-2016-7407 CVE-2016-7408 CVE-2016-7409 dropbear: Multiple issues fixed in dropbear 2016.742016-09-15