CVE-2016-7409

NONE EPSS 36.1%
Published Mar 3, 2017
Last Modified Jun 17, 2026

Description

The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUG_TRACE, allow local users to read process memory via the -v argument, related to a failed remote ident.

Threat Intelligence

EPSS Exploit Probability
36.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor (Information Exposure)

Affected Products 1

Vendor | Product | Version | Range
dropbear_ssh_project | dropbear_ssh | * | ≤2016.73

References 5

  • openwall.com http://www.openwall.com/lists/oss-security/2016/09/15/2
    Mailing List, Patch, Third Party Advisory
  • securityfocus.com http://www.securityfocus.com/bid/92973
    Third Party Advisory, VDB Entry
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1376353
    Issue Tracking
  • secure.ucc.asn.au https://secure.ucc.asn.au/hg/dropbear/rev/6a14b1f6dc04
    Issue Tracking, Patch, Third Party Advisory
  • security.gentoo.org https://security.gentoo.org/glsa/201702-23
    Patch, Third Party Advisory, VDB Entry

Remediation

  • openwall.com http://www.openwall.com/lists/oss-security/2016/09/15/2
    Mailing List, Patch, Third Party Advisory
  • secure.ucc.asn.au https://secure.ucc.asn.au/hg/dropbear/rev/6a14b1f6dc04
    Issue Tracking, Patch, Third Party Advisory
  • security.gentoo.org https://security.gentoo.org/glsa/201702-23
    Patch, Third Party Advisory, VDB Entry