Dropbear SSH Server < 2016.72 Multiple Vulnerabilities

david_fay_9yn2u
New Contributor
We have found the vulnerability below and I wonder if there is an update we can apply to patch against this. We are currently at version 9.10.0.0 build 218.

Vulnerability details as follows:
Description
According to its self-reported version in its banner, Dropbear SSH running on the remote host is prior to 2016.74. It is, therefore, affected by the following vulnerabilities:

- A format string flaw exists due to improper handling of string format specifiers (e.g., %s and %x) in usernames and host arguments. An unauthenticated, remote attacker can exploit this to execute arbitrary code with root privileges. (CVE-2016-7406)

- A flaw exists in dropbearconvert due to improper handling of specially crafted OpenSSH key files. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-7407)

- A flaw exists in dbclient when handling the -m or -c arguments in scripts. An unauthenticated, remote attacker can exploit this, via a specially crafted script, to execute arbitrary code. (CVE-2016-7408)

- A flaw exists in dbclient or dropbear server if they are compiled with the DEBUG_TRACE option and then run using the -v switch. A local attacker can exploit this to disclose process memory. (CVE-2016-7409)

Solution
Upgrade to Dropbear SSH version 2016.74 or later.

See Also
https://matt.ucc.asn.au/dropbear/CHANGES
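The scanner finding above is based purely on the version string Dropbear reports in its SSH identification banner. The following is an added example, not part of the original post or of any Ruckus or Dropbear code, showing how to triage a list of hosts the same way: parse the banner, compare the version against the 2016.74 fix level named in the finding, and flag only hosts that actually run Dropbear. The host names and banners in `SAMPLE_INVENTORY` are constructed for the example; the regex assumes Dropbear's usual `SSH-2.0-dropbear_<version>` banner, where the version is either the year-based `YYYY.NN` form or the older `0.NN` form.

```python
import re
from typing import Dict, Optional, Tuple

# Fix level from the finding's "Solution" text: CVE-2016-7406 .. 7409 are
# addressed in Dropbear 2016.74 and later.
FIXED_VERSION: Tuple[int, int] = (2016, 74)

# Dropbear announces itself as "SSH-2.0-dropbear_<version>"; accept the
# SSH-1.99 compatibility prefix too. The version is "YYYY.NN" (2011 onward)
# or the older "0.NN" form, both of which order correctly as integer pairs.
BANNER_RE = re.compile(r"^SSH-(?:1\.99|2\.0)-dropbear_(\d+)\.(\d+)")


def parse_dropbear_version(banner: str) -> Optional[Tuple[int, int]]:
    """Return (major, minor) from a Dropbear banner, or None if the banner
    does not identify a Dropbear server (e.g. OpenSSH, or a stripped banner)."""
    match = BANNER_RE.match(banner.strip())
    if not match:
        return None
    return int(match.group(1)), int(match.group(2))


def is_vulnerable(banner: str) -> Optional[bool]:
    """True if the self-reported version is older than FIXED_VERSION,
    False if it is at or above the fix level, None if not Dropbear.
    Returning None rather than False keeps non-Dropbear hosts out of both
    the 'vulnerable' and the 'fixed' buckets instead of silently passing them."""
    version = parse_dropbear_version(banner)
    if version is None:
        return None
    return version < FIXED_VERSION


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host to 'vulnerable', 'fixed' or 'not-dropbear' from a
    {host: banner} mapping, e.g. one collected by a scanner or netcat sweep."""
    labels = {True: "vulnerable", False: "fixed", None: "not-dropbear"}
    return {host: labels[is_vulnerable(banner)] for host, banner in inventory.items()}


# Constructed sample inventory (hypothetical hosts and banners, not real data).
SAMPLE_INVENTORY: Dict[str, str] = {
    "ap-01.example": "SSH-2.0-dropbear_2016.73",   # one release short of the fix
    "zd-01.example": "SSH-2.0-dropbear_0.52",      # old pre-2011 numbering
    "ap-02.example": "SSH-2.0-dropbear_2016.74",   # at the fix level
    "jump.example":  "SSH-2.0-OpenSSH_7.4",        # not Dropbear at all
}


if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:16} {status}")
```

Because the check is banner-based, it inherits the same caveat as the scanner plugin: a vendor that backports the fixes without bumping the version string will still show as vulnerable, and a vendor that rebrands the banner will show as `not-dropbear`. Treat the output as a worklist to confirm against the vendor's advisory, not as proof either way.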

michael_brado
Esteemed Contributor II
Hello David,
Dropbear is used as the webserver on APs and ZD's SSH, and not on Solo APs, and this will be fixed in ZD 10.0. See security advisory on https://www.ruckuswireless.com/security.

Do you know the provisional release date for this? I couldn't see CVE-2016-7406 in these advisories.