mirror of
https://github.com/LiBwrt-op/openwrt-6.x.git
synced 2026-01-08 20:24:51 +00:00
4e8c6f3407
- Security: Message printout was vulnerable to format string injection. If specific usernames including "%" symbols can be created on a system (validated by getpwnam()) then an attacker could run arbitrary code as root when connecting to Dropbear server. A dbclient user who can control username or host arguments could potentially run arbitrary code as the dbclient user. This could be a problem if scripts or webpages pass untrusted input to the dbclient program. - Security: dropbearconvert import of OpenSSH keys could run arbitrary code as the local dropbearconvert user when parsing malicious key files - Security: dbclient could run arbitrary code as the local dbclient user if particular -m or -c arguments are provided. This could be an issue where dbclient is used in scripts. - Security: dbclient or dropbear server could expose process memory to the running user if compiled with DEBUG_TRACE and running with -v The security issues were reported by an anonymous researcher working with Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html Signed-off-by: Jo-Philipp Wich <jo@mein.io> |
||
|---|---|---|
| .. | ||
| authsae | ||
| dnsmasq | ||
| dropbear | ||
| ead | ||
| hostapd | ||
| igmpproxy | ||
| ipset-dns | ||
| lldpd | ||
| mdns | ||
| odhcpd | ||
| omcproxy | ||
| openvpn | ||
| openvpn-easy-rsa | ||
| ppp | ||
| relayd | ||
| samba36 | ||
| uhttpd | ||