Posted: Wed Jul 20, 2016 9:26 am Post subject: [ GLSA 201607-08 ] Dropbear
Gentoo Linux Security Advisory
Title: Dropbear: Privilege escalation (GLSA 201607-08)
Date: July 20, 2016
A vulnerability has been found in Dropbear, which allows remote
authenticated users to bypass intended shell-command restrictions.
Dropbear is a relatively small SSH server and client.
Vulnerable: < 2016.73
Unaffected: >= 2016.73
Architectures: All supported architectures
A CRLF injection vulnerability in Dropbear SSH allows remote
authenticated users to bypass intended shell-command restrictions via
crafted X11 forwarding data.
A remote authenticated user could execute arbitrary code with the
privileges of the process.
There is no known workaround at this time.
All Dropbear users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/dropbear-2016.73"
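
The advisory attributes the bypass to CR/LF characters accepted in X11 forwarding data. As an added example (not part of the advisory and not Dropbear's actual fix), this C code shows allow-list validation of the two string fields of an SSH X11 forwarding request (authentication protocol and cookie, per RFC 4254) before they would be handed to any helper program. The function names, length caps and allowed character sets are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers (not Dropbear's code). Lengths are explicit because
 * SSH strings are length-prefixed and may carry any byte, including NUL. */
static int is_ascii_alnum(unsigned char c)
{
    return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') ||
           (c >= 'A' && c <= 'Z');
}

static int is_hex(unsigned char c)
{
    return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') ||
           (c >= 'A' && c <= 'F');
}

/* Returns 1 only if both fields pass an allow-list; CR, LF, spaces and all
 * other control bytes fail because they are simply not on the list. */
int x11_request_ok(const char *proto, size_t proto_len,
                   const char *cookie, size_t cookie_len)
{
    size_t i;

    /* Length caps are assumed limits chosen for this example. */
    if (proto_len == 0 || proto_len > 64) return 0;
    if (cookie_len == 0 || cookie_len > 512 || cookie_len % 2 != 0) return 0;

    for (i = 0; i < proto_len; i++) {
        unsigned char c = (unsigned char)proto[i];
        /* Protocol names such as MIT-MAGIC-COOKIE-1: alnum plus '-', '.', '_' */
        if (!is_ascii_alnum(c) && c != '-' && c != '.' && c != '_') return 0;
    }
    for (i = 0; i < cookie_len; i++) {
        if (!is_hex((unsigned char)cookie[i])) return 0;   /* hex digits only */
    }
    return 1;
}

int main(void)
{
    /* Constructed sample values, not taken from any real session. */
    const char good_cookie[] = "00112233445566778899aabbccddeeff";
    const char bad_proto[] = "MIT-MAGIC-COOKIE-1\nextra";

    printf("clean request: %d\n", x11_request_ok("MIT-MAGIC-COOKIE-1", 18,
           good_cookie, strlen(good_cookie)));
    printf("LF in protocol: %d\n", x11_request_ok(bad_proto, strlen(bad_proto),
           good_cookie, strlen(good_cookie)));
    return 0;
}
```

Rejecting by allow-list rather than stripping CR/LF means any unexpected byte fails the whole request instead of being silently rewritten.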