Main Vulnerability Database Vulnerabilities #VU14820

Double Free in Dropbear - CVE-2017-9078

Published: September 21, 2018

Vulnerability identifier: #VU14820

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-9078

CWE-ID: CWE-415

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Matt Johnston

Affected software:
Dropbear

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a double free in cleanup of TCP listeners when the -a option is enabled. The vulnerability allows a remote authenticated attacker to trigger double free error and execute arbitrary code on the target system with root privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2017-9078

Install update from vendor's website.

Double Free in Dropbear - CVE-2017-9078

Detailed vulnerability description

How to mitigate CVE-2017-9078

Sources

Please verify you're human