Launchpad CVE tracker

CVE 2016-7406

Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.

Related bugs and status

CVE-2016-7406 (Candidate) is related to these bugs:

Bug #1643638: CVE-2016-7406 - remote code execution in dropbear SSH

Summary				In	Importance	Status
	1643638	CVE-2016-7406 - remote code execution in dropbear SSH		dropbear (Ubuntu)	Undecided	Expired

Bug #1660672: Security flaws in dropbear prior to v2016.74

Summary				In	Importance	Status
	1660672	Security flaws in dropbear prior to v2016.74		dropbear (Ubuntu)	Undecided	Expired

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2016091...
CONFIRM: https://bugzilla.redha...
CONFIRM: https://secure.ucc.asn...
GENTOO: GLSA-201702-23
BID: 92974

Launchpad.net

CVE 2016-7406

Related bugs and status

Related bugs

References