Vulnerability Description
The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dropbear Ssh Project | Dropbear Ssh | < 2017.75 |
| Debian | Debian Linux | 8.0 |
| Netapp | H410C Firmware | - |
| Netapp | H410C | - |
Related Weaknesses (CWE)
References
- http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2017q2/001985.htmlMailing ListPatchThird Party Advisory
- http://www.debian.org/security/2017/dsa-3859Third Party Advisory
- https://security.netapp.com/advisory/ntap-20191004-0006/Third Party Advisory
- http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2017q2/001985.htmlMailing ListPatchThird Party Advisory
- http://www.debian.org/security/2017/dsa-3859Third Party Advisory
- https://security.netapp.com/advisory/ntap-20191004-0006/Third Party Advisory
FAQ
What is CVE-2017-9078?
CVE-2017-9078 is a vulnerability with a CVSS score of 8.8 (HIGH). The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled.
How severe is CVE-2017-9078?
CVE-2017-9078 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-9078?
Check the references section above for vendor advisories and patch information. Affected products include: Dropbear Ssh Project Dropbear Ssh, Debian Debian Linux, Netapp H410C Firmware, Netapp H410C.