A remote vulnerability has been discovered in Dropbear SSH Server that could allow an attacker to execute arbitrary code on a target system. The issue is a format string error in a call to the syslog() function during the authentication stage. As a result of this bug, an attacker may be able to pass specifically calculated format specifiers embedded within the supplied username. When this value is later stored in a buffer and passed to an incorrectly formatted call to the syslog() function, the attacker-supplied format specifiers are interpreted and thus influence the flow of execution within the program, ultimately resulting in the execution of arbitrary code. This vulnerability affects Dropbear SSH Server v0.34 and earlier.
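The flawed call pattern described above, next to its corrected form, as an added illustration that is not Dropbear's own code. The names `sink`, `build`, `log_flawed` and `log_fixed` are hypothetical, and `sink` stands in for syslog() so that the logged line can be inspected.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for syslog(): same printf-style contract, but it writes into
   last_line so the result can be inspected (hypothetical name). */
static char last_line[256];

static void sink(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_line, sizeof last_line, fmt, ap);
    va_end(ap);
}

/* Build the message once, as a logging wrapper would. */
static void build(char *buf, size_t len, const char *username)
{
    snprintf(buf, len, "login attempt for '%s'", username);
}

/* Flawed pattern: the finished buffer, which contains the username,
   is handed over as the format string and parsed a second time. */
const char *log_flawed(const char *username)
{
    char buf[128];
    build(buf, sizeof buf, username);
    sink(buf);
    return last_line;
}

/* Corrected pattern: constant format, message passed as data. */
const char *log_fixed(const char *username)
{
    char buf[128];
    build(buf, sizeof buf, username);
    sink("%s", buf);
    return last_line;
}

int main(void)
{
    /* Constructed input. "%%" is the only directive used here because it
       consumes no argument, so the second parse is visible yet defined. */
    const char *name = "a%%b";
    printf("flawed: %s\n", log_flawed(name));
    printf("fixed:  %s\n", log_fixed(name));
    return 0;
}
```

When the sink is the real syslog(), building with GCC's `-Wformat -Wformat-security` reports the non-literal format argument in the flawed call.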