Executive Summary

Summary
Title Dropbear: Multiple vulnerabilities
Informations
Name GLSA-201309-20 First vendor Publication 2013-09-26
Vendor Gentoo Last vendor Modification 2013-09-26
Severity (Vendor) Normal Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:S/C:C/I:C/A:C)
Cvss Base Score 7.1 Attack Range Network
Cvss Impact Score 10 Attack Complexity High
Cvss Expoit Score 3.9 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities have been found in Dropbear, the worst of which could lead to arbitrary code execution.

Background

Dropbear is an SSH server and client designed with a small memory footprint.

Description

Multiple vulnerabilities have been discovered in Dropbear. Please review the CVE identifier and Gentoo bug referenced below for details.

Impact

A remote attacker could send a specially crafted request to trigger a use-after-free condition, possibly resulting in arbitrary code execution or a Denial of Service condition. Additionally, the bundled version of libtommath has an error in its prime number generation, which could result in the generation of weak keys.

Workaround

There is no known workaround at this time.

Resolution

All Dropbear users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/dropbear-2012.55"

References

[ 1 ] CVE-2012-0920 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0920
[ 2 ] libtommath Gentoo bug https://bugs.gentoo.org/show_bug.cgi?id=328383

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201309-20.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201309-20.xml

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-399 Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:18111
 
Oval ID: oval:org.mitre.oval:def:18111
Title: DSA-2456-1 dropbear - use after free
Description: Danny Fullerton discovered a use-after-free in the Dropbear SSH daemon, resulting in potential execution of arbitrary code. Exploitation is limited to users, who have been authenticated through public key authentication and for which command restrictions are in place.
Family: unix Class: patch
Reference(s): DSA-2456-1
CVE-2012-0920
 Version: 7
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
 Product(s): dropbear
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 2

OpenVAS Exploits

Date Description
2013-09-18 Name : Debian Security Advisory DSA 2456-1 (dropbear - use after free)
File : nvt/deb_2456_1.nasl
2012-07-30 Name : Fedora Update for dropbear FEDORA-2012-10934
File : nvt/gb_fedora_2012_10934_dropbear_fc16.nasl
2012-03-12 Name : FreeBSD Ports: dropbear
File : nvt/freebsd_dropbear.nasl

Nessus® Vulnerability Scanner

Date Description
2013-09-27 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201309-20.nasl - Type : ACT_GATHER_INFO
2012-07-30 Name : The remote Fedora host is missing a security update.
File : fedora_2012-10934.nasl - Type : ACT_GATHER_INFO
2012-04-25 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2456.nasl - Type : ACT_GATHER_INFO
2012-03-05 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_eba70db4664011e198af00262d8b701d.nasl - Type : ACT_GATHER_INFO
2012-03-01 Name : The remote host is affected by a remote code execution vulnerability.
File : dropbear_ssh_55.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-02-17 11:37:46
  • Multiple Updates
2013-09-27 05:19:11
  • First insertion