Dropbear Vulnerability detected on Security Scan

Symptoms
Dropbear SSH versions prior to 2016.72 are affected by a command injection vulnerability. The vulnerability is detected when a security scanner, such as the Nessus Vulnerability Scanner, scans IdentiFi products.

Nessus reports the following:
SSH-2.0=dropbear_2013.62 upgrade to 2016.74
 
Environment
IdentiFi v09.21.08.0013
Cause
When X11 forwarding is enabled, improper use of X11 authentication credentials allows arbitrary xauth commands to be executed on the remote host. Dropbear SSH versions prior to 2016.74 running on the remote host are affected by the following vulnerabilities:
  • A format string flaw exists due to improper handling of string format specifiers (e.g., %s and %x) in usernames and host arguments. An unauthenticated, remote attacker can exploit this to execute arbitrary code with root privileges. (CVE-2016-7406)
  • A flaw exists in dropbearconvert due to improper handling of specially crafted OpenSSH key files. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-7407)
  • A flaw exists in dbclient when handling the -m or -c arguments in scripts. An unauthenticated, remote attacker can exploit this, via a specially crafted script, to execute arbitrary code. (CVE-2016-7408)
  • A flaw exists in dbclient or dropbear server if they are compiled with the DEBUG_TRACE option and then run using the -v switch. A local attacker can exploit this to disclose process memory. (CVE-2016-7409)
Resolution
Upgrade to IdentiFi v10.21.01 or v9.21.15 to address the vulnerability. These IdentiFi releases use Dropbear version 2016.74 or greater.
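
To confirm after the upgrade that a host no longer advertises an affected Dropbear release, its SSH identification string can be compared against 2016.74. The script below is an added example, not part of the original article or any vendor tooling; the function names and the sample banners are constructed for illustration.

```python
import re
import socket

FIXED = (2016, 74)  # fixed Dropbear release named in the article
_DROPBEAR = re.compile(r"dropbear_(\d+)\.(\d+)", re.IGNORECASE)

def dropbear_version(banner):
    """Return (major, minor) parsed from an SSH identification string, or None."""
    m = _DROPBEAR.search(banner)
    return (int(m.group(1)), int(m.group(2))) if m else None

def classify(banner):
    """Return 'vulnerable', 'fixed', 'unknown' (Dropbear, no version) or 'not-dropbear'."""
    version = dropbear_version(banner)
    if version is None:
        return "unknown" if "dropbear" in banner.lower() else "not-dropbear"
    return "fixed" if version >= FIXED else "vulnerable"

def read_banner(host, port=22, timeout=5.0):
    """Read the identification line an SSH server sends on connect."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        data = b""
        while b"\n" not in data and len(data) < 256:
            chunk = s.recv(256)
            if not chunk:
                break
            data += chunk
    return data.split(b"\n", 1)[0].decode("ascii", "replace").strip()

if __name__ == "__main__":
    # Constructed sample banners; replace with read_banner("<your-host>") output.
    samples = [
        "SSH-2.0-dropbear_2013.62",
        "SSH-2.0-dropbear_2016.74",
        "SSH-2.0-dropbear",
        "SSH-2.0-OpenSSH_7.4",
    ]
    for banner in samples:
        print(f"{banner:30} {classify(banner)}")
```

The check compares the advertised version string only, so a result of "unknown" means the build hides its version and needs to be verified from the installed IdentiFi release instead.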