Mercurial > dropbear
comparison CHANGES @ 1345:1a3c4ec0f840
add cve and patch link
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Sat, 20 May 2017 10:27:29 +0800 |
| parents | c31276613181 |
| children | b19877938d6a |
comparison
equal
deleted
inserted
replaced
| 1343:bbc0a0ee3843 | 1345:1a3c4ec0f840 |
|---|---|
| 3 - Security: Fix double-free in server TCP listener cleanup | 3 - Security: Fix double-free in server TCP listener cleanup |
| 4 A double-free in the server could be triggered by an authenticated user if | 4 A double-free in the server could be triggered by an authenticated user if |
| 5 dropbear is running with -a (Allow connections to forwarded ports from any host) | 5 dropbear is running with -a (Allow connections to forwarded ports from any host) |
| 6 This could potentially allow arbitrary code execution as root by an authenticated user. | 6 This could potentially allow arbitrary code execution as root by an authenticated user. |
| 7 Affects versions 2013.56 to 2016.74. Thanks to Mark Shepard for reporting the crash. | 7 Affects versions 2013.56 to 2016.74. Thanks to Mark Shepard for reporting the crash. |
| 8 CVE-2017-9078 https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c | |
| 8 | 9 |
| 9 - Security: Fix information disclosure with ~/.ssh/authorized_keys symlink. | 10 - Security: Fix information disclosure with ~/.ssh/authorized_keys symlink. |
| 10 Dropbear parsed authorized_keys as root, even if it were a symlink. The fix | 11 Dropbear parsed authorized_keys as root, even if it were a symlink. The fix |
| 11 is to switch to user permissions when opening authorized_keys | 12 is to switch to user permissions when opening authorized_keys |
| 12 | 13 |
| 14 couldn't normally read. If they managed to get that file to contain valid | 15 couldn't normally read. If they managed to get that file to contain valid |
| 15 authorized_keys with command= options it might be possible to read other | 16 authorized_keys with command= options it might be possible to read other |
| 16 contents of that file. | 17 contents of that file. |
| 17 This information disclosure is to an already authenticated user. | 18 This information disclosure is to an already authenticated user. |
| 18 Thanks to Jann Horn of Google Project Zero for reporting this. | 19 Thanks to Jann Horn of Google Project Zero for reporting this. |
| 20 CVE-2017-9079 https://secure.ucc.asn.au/hg/dropbear/rev/0d889b068123 | |
| 19 | 21 |
| 20 - Generate hostkeys with dropbearkey atomically and flush to disk with fsync | 22 - Generate hostkeys with dropbearkey atomically and flush to disk with fsync |
| 21 Thanks to Andrei Gherzan for a patch | 23 Thanks to Andrei Gherzan for a patch |
| 22 | 24 |
| 23 - Fix out of tree builds with bundled libtom | 25 - Fix out of tree builds with bundled libtom |