CVE-2017-9078

Sažetak

The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled.

Reference

http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2017q2/001985.html
http://www.debian.org/security/2017/dsa-3859
https://security.netapp.com/advisory/ntap-20191004-0006/

CVSS

Base:	8.5
Impact:	10.0
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:S/C:C/I:C/A:C

Zadnje važnije ažuriranje

11-07-2022 - 17:11

Objavljeno

19-05-2017 - 14:29