#VU14820 Double Free in Dropbear - CVE-2017-9078
Published: September 21, 2018
Vulnerability identifier: #VU14820
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-9078
CWE-ID: CWE-415
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Dropbear
Dropbear
Software vendor:
Matt Johnston
Matt Johnston
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a double free in cleanup of TCP listeners when the -a option is enabled. The vulnerability allows a remote authenticated attacker to trigger double free error and execute arbitrary code on the target system with root privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install update from vendor's website.