Full Disclosure mailing list archives
Re: More info ? Re: [SECURITY] [DSA 923-1] New dropbear packages fix arbitrary code execution
From: Florian Weimer <fw () deneb enyo de>
Date: Mon, 19 Dec 2005 20:53:43 +0100
* Rodrigo Barbosa:
On Mon, Dec 19, 2005 at 06:54:40AM +0100, Martin Schulze wrote:A buffer overflow has been discovered in dropbear, a lightweight SSH2 server and client, that may allow authenticated users to execute arbitrary code as the server user (usually root).Does anyone can provide pointers to this issue ? Maybe a paper ?
Look up CVE-2005-4178 in NVD, and you'll find a reference to Matt Johnston's announcement: <http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2005q4/000312.html> _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [SECURITY] [DSA 923-1] New dropbear packages fix arbitrary code execution Martin Schulze (Dec 18)
- More info ? Re: [SECURITY] [DSA 923-1] New dropbear packages fix arbitrary code execution Rodrigo Barbosa (Dec 19)
- Re: More info ? Re: [SECURITY] [DSA 923-1] New dropbear packages fix arbitrary code execution Florian Weimer (Dec 19)
- More info ? Re: [SECURITY] [DSA 923-1] New dropbear packages fix arbitrary code execution Rodrigo Barbosa (Dec 19)