Dropbear SSH Server Username Remote Format String Buffer Overflow Network Vulnerability

Summary

This host is installed with Dropbear SSH Server and is prone to a username remote format string buffer overflow.

Impact

By attempting to log on to a Dropbear Server with a username containing a format specifier, a remote attacker can overwrite arbitrary memory addresses and execute arbitrary code resulting in a loss of integrity.

Solution

Updates are available.

Insight

The program fails to perform proper bounds checking resulting in a format string buffer overflow.

Affected

Versions prior to Dropbear SSH Server 0.35 are vulnerable.

Detection

Check the version.

References

http://osvdb.org/show/osvdb/2429
http://www.exploit-db.com/exploits/387/
http://www.securityfocus.com/bid/8439
https://matt.ucc.asn.au/dropbear/dropbear.html

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe AIR Multiple Vulnerabilities -01 Feb13 (Windows)
Adobe Acrobat Multiple Vulnerabilities -01 Jan 13 (Windows)
Adobe AIR Multiple Vulnerabilities-01 Jan15 (Mac OS X)
Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Mac OS X)
Adobe AIR Multiple Vulnerabilities(APSB14-22)-(Windows)

Take action and discover your vulnerabilities