The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled.
References
Link | Resource |
---|---|
http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2017q2/001985.html | Mailing List Patch Third Party Advisory |
http://www.debian.org/security/2017/dsa-3859 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20191004-0006/ | Third Party Advisory |
Configurations
History
11 Jul 2022, 17:11
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20191004-0006/ - Third Party Advisory | |
CPE | cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* |
|
First Time |
Netapp h410c Firmware
Netapp Netapp h410c |
|
CVSS |
v2 : v3 : |
v2 : 8.5
v3 : 8.8 |
Information
Published : 2017-05-19 14:29
Updated : 2023-12-10 12:01
NVD link : CVE-2017-9078
Mitre link : CVE-2017-9078
CVE.ORG link : CVE-2017-9078
JSON object : View
Products Affected
debian
- debian_linux
netapp
- h410c
- h410c_firmware
dropbear_ssh_project
- dropbear_ssh
CWE
CWE-415
Double Free