CVE-2016-7406
Published: 3 March 2017
Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.
Priority
Status
Package | Release | Status |
---|---|---|
dropbear (Launchpad, Ubuntu, Debian) | artful | Not vulnerable (2016.74-1) |
dropbear | bionic | Not vulnerable (2016.74-1) |
dropbear | cosmic | Not vulnerable (2016.74-1) |
dropbear | disco | Not vulnerable (2016.74-1) |
dropbear | eoan | Not vulnerable (2016.74-1) |
dropbear | focal | Not vulnerable (2016.74-1) |
dropbear | groovy | Not vulnerable (2016.74-1) |
dropbear | hirsute | Not vulnerable (2016.74-1) |
dropbear | impish | Not vulnerable (2016.74-1) |
dropbear | jammy | Not vulnerable (2016.74-1) |
dropbear | kinetic | Not vulnerable (2016.74-1) |
dropbear | lunar | Not vulnerable (2016.74-1) |
dropbear | mantic | Not vulnerable (2016.74-1) |
dropbear | precise | Ignored (end of life) |
dropbear | trusty | Does not exist (trusty was needed) |
dropbear | upstream | Released (2016.74-1) |
dropbear | xenial | Needed |
dropbear | yakkety | Not vulnerable (2016.74-1) |
dropbear | zesty | Not vulnerable (2016.74-1) |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |