Vulnerability Description
Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dropbear SSH Project | Dropbear SSH | < 0.47 |
| Debian | Debian Linux | 3.0 |
References
- http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2005q4/000312.html (Patch, Vendor Advisory)
- http://matt.ucc.asn.au/dropbear/dropbear.html (Patch, Vendor Advisory)
- http://secunia.com/advisories/18108 (Third Party Advisory)
- http://secunia.com/advisories/18109 (Third Party Advisory)
- http://secunia.com/advisories/18142 (Third Party Advisory)
- http://www.debian.org/security/2005/dsa-923 (Third Party Advisory)
- http://www.gentoo.org/security/en/glsa/glsa-200512-13.xml (Third Party Advisory)
- http://www.securityfocus.com/bid/15923/ (Third Party Advisory, VDB Entry)
- http://www.vupen.com/english/advisories/2005/2962 (Third Party Advisory)
FAQ
What is CVE-2005-4178?
CVE-2005-4178 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression...
How severe is CVE-2005-4178?
CVE-2005-4178 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2005-4178?
Check the references section above for vendor advisories and patch information. Affected products include: Dropbear SSH (Dropbear SSH Project) and Debian Linux (Debian).