CVE-2016-7408
NONE EPSS 89.2%
Published Mar 3, 20179y ago · Modified Jun 17, 20262w ago
Published Mar 3, 2017 9y ago
Last Modified Jun 17, 2026 2w ago
Description
The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c argument.
Threat Intelligence
EPSS Exploit Probability
89.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-284
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| dropbear_ssh_project | dropbear_ssh | * | ≤2016.73 |
References 5
- openwall.com http://www.openwall.com/lists/oss-security/2016/09/15/2
- securityfocus.com http://www.securityfocus.com/bid/92970
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1376353
- secure.ucc.asn.au https://secure.ucc.asn.au/hg/dropbear/rev/eed9376a4ad6
- security.gentoo.org https://security.gentoo.org/glsa/201702-23
Remediation
- secure.ucc.asn.au https://secure.ucc.asn.au/hg/dropbear/rev/eed9376a4ad6
- security.gentoo.org https://security.gentoo.org/glsa/201702-23