Full Disclosure mailing list archives
More info ? Re: [SECURITY] [DSA 923-1] New dropbear packages fix arbitrary code execution
From: Rodrigo Barbosa <rodrigob () suespammers org>
Date: Mon, 19 Dec 2005 14:10:22 -0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, Dec 19, 2005 at 06:54:40AM +0100, Martin Schulze wrote:
A buffer overflow has been discovered in dropbear, a lightweight SSH2 server and client, that may allow authenticated users to execute arbitrary code as the server user (usually root).
Does anyone can provide pointers to this issue ? Maybe a paper ? I'm kind of worried, since dropbear is used on openwrt. []s - -- Rodrigo Barbosa <rodrigob () suespammers org> "Quid quid Latine dictum sit, altum viditur" "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDptttpdyWzQ5b5ckRAtKZAJ9nZVU4I8F7+oxM6mipCzzb/o2IkACeKLq+ kriWAndC47CW6jUigWzOJZQ= =/9fZ -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [SECURITY] [DSA 923-1] New dropbear packages fix arbitrary code execution Martin Schulze (Dec 18)
- More info ? Re: [SECURITY] [DSA 923-1] New dropbear packages fix arbitrary code execution Rodrigo Barbosa (Dec 19)
- Re: More info ? Re: [SECURITY] [DSA 923-1] New dropbear packages fix arbitrary code execution Florian Weimer (Dec 19)
- More info ? Re: [SECURITY] [DSA 923-1] New dropbear packages fix arbitrary code execution Rodrigo Barbosa (Dec 19)