More info ? Re: [Full-disclosure] [SECURITY] [DSA 923-1] New dropbear packages fix arbitrary code execution
Florian Weimer
fw at deneb.enyo.de
Mon Dec 19 19:53:43 GMT 2005
* Rodrigo Barbosa:
> On Mon, Dec 19, 2005 at 06:54:40AM +0100, Martin Schulze wrote:
>> A buffer overflow has been discovered in dropbear, a lightweight SSH2
>> server and client, that may allow authenticated users to execute
>> arbitrary code as the server user (usually root).
>
> Does anyone can provide pointers to this issue ? Maybe a paper ?
Look up CVE-2005-4178 in NVD, and you'll find a reference to Matt
Johnston's announcement:
<http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2005q4/000312.html>
Full-Disclosure is hosted and sponsored by Secunia.