CVE-2016-7406
Severity: critical
CVSS v3: 9.8
CVSS v2: 10.0
VIR risk: 9.8
Description
Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.
Predictions
Exploit likelihood: 97%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2016-7406
Vendor advisory: cve@mitre.org — https://security.gentoo.org/glsa/201702-23
Vendor advisory: cve@mitre.org — https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb
Vendor advisory: cve@mitre.org — http://www.openwall.com/lists/oss-security/2016/09/15/2
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 2016.74-1 |
| debian | bullseye | fixed | 2016.74-1 |
| debian | forky | fixed | 2016.74-1 |
| debian | sid | fixed | 2016.74-1 |
| debian | trixie | fixed | 2016.74-1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| dropbear_ssh_project | dropbear_ssh | up to and including 2016.73 | |
References
- http://www.openwall.com/lists/oss-security/2016/09/15/2
- http://www.securityfocus.com/bid/92974
- https://bugzilla.redhat.com/show_bug.cgi?id=1376353
- https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb
- https://security.gentoo.org/glsa/201702-23
- http://seclists.org/fulldisclosure/2024/Aug/35
- https://security-tracker.debian.org/tracker/CVE-2016-7406
CWEs
CWE-20