oss-sec mailing list archives
Another "user enumeration" in Dropbear
From: sjw () gmx ch
Date: Mon, 27 Aug 2018 21:10:55 +0200
Hi Due the high interests in CVE-2018-15473 ("user enumeration" in OpenSSH), people may also notice CVE-2018-15599 [1] in Dropbear (popular on IoT/initramfs). The issue seems to be very similar. A patch [2] is already available, but no new releases so far. Best regards [1] http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2018q3/002108.html [2] https://secure.ucc.asn.au/hg/dropbear/rev/5d2d1021ca00
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- Another "user enumeration" in Dropbear sjw (Aug 27)