Security restrictions bypass in dropbear (Alpine package)



Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2018-20685
CWE-ID CWE-284
Exploitation vector Network
Public exploit N/A
Vulnerable software
dropbear (Alpine package)
Operating systems & Components / Operating system package or component

Vendor Alpine Linux Development Team

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Security restrictions bypass

EUVDB-ID: #VU16946

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-20685

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists due to improper validation of filenames by the scp.c source code file in the SCP client . A remote unauthenticated attacker can trick the victim into accessing a file with the filename of . or an empty filename from an attacker-controlled Secure Shell (SSH) server to bypass access restrictions on the system, which could be used to conduct further attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

dropbear (Alpine package): 2018.76-r2 - 2019.78-r0

CPE2.3 External links

https://git.alpinelinux.org/aports/commit/?id=e684959dd09576a280eda8616faeb6c3dbd460ff
https://git.alpinelinux.org/aports/commit/?id=de9ffe497547df2da1542ea3ae029fce69296f3e
https://git.alpinelinux.org/aports/commit/?id=5e60bc7b315d1c806baa72e3ca1bd46b273ab664
https://git.alpinelinux.org/aports/commit/?id=27213e7a0a336dad498525d7cd8868aa53d25c71
https://git.alpinelinux.org/aports/commit/?id=07fc0a9367151053d9b6e8ab68fdb3c7501a4873
https://git.alpinelinux.org/aports/commit/?id=cfa04666c50b8dfbe34b6ac8e6b177add54ce649
https://git.alpinelinux.org/aports/commit/?id=12d219e7e12c5bdf2e11ba8e9f10d32843259777
https://git.alpinelinux.org/aports/commit/?id=6df59aea4486cca6f0c089f72e404ee097b49a02
https://git.alpinelinux.org/aports/commit/?id=9730fd967a164b246d18cab2dede31af43c83f08
https://git.alpinelinux.org/aports/commit/?id=e231e6bed510c2304f37093f0eadb5708da9728e


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###