CVE-2016-7408

NONE EPSS 89.2%
Published Mar 3, 2017 (9y ago) · Modified Jun 17, 2026 (2w ago)

Description

The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c argument.

Threat Intelligence

EPSS Exploit Probability
89.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-284

Affected Products 1

Vendor | Product | Version | Range
dropbear_ssh_project | dropbear_ssh | * | ≤2016.73

References 5

  • openwall.com http://www.openwall.com/lists/oss-security/2016/09/15/2
    Mailing List, Third Party Advisory
  • securityfocus.com http://www.securityfocus.com/bid/92970
    Third Party Advisory, VDB Entry
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1376353
    Issue Tracking
  • secure.ucc.asn.au https://secure.ucc.asn.au/hg/dropbear/rev/eed9376a4ad6
    Issue Tracking, Patch, Third Party Advisory
  • security.gentoo.org https://security.gentoo.org/glsa/201702-23
    Patch, Third Party Advisory, VDB Entry

Remediation

  • secure.ucc.asn.au https://secure.ucc.asn.au/hg/dropbear/rev/eed9376a4ad6
    Issue Tracking, Patch, Third Party Advisory
  • security.gentoo.org https://security.gentoo.org/glsa/201702-23
    Patch, Third Party Advisory, VDB Entry