Vulnerability Details: CVE-2005-4178
Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2005-4178
- cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-4178
0.23%: Probability of exploitation activity in the next 30 days
~ 62%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2005-4178
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST | |
References for CVE-2005-4178
- http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2005q4/000312.html
  Dropbear 0.47 (and security fix) (Patch; Vendor Advisory)
- http://www.securityfocus.com/bid/15923/
  (Third Party Advisory; VDB Entry)
- http://matt.ucc.asn.au/dropbear/dropbear.html
  Dropbear SSH (Patch; Vendor Advisory)
- http://www.debian.org/security/2005/dsa-923
  [SECURITY] [DSA 923-1] New dropbear packages fix arbitrary code execution (Third Party Advisory)
- http://www.vupen.com/english/advisories/2005/2962
  Site under construction (Third Party Advisory)
- http://www.gentoo.org/security/en/glsa/glsa-200512-13.xml
  Dropbear: Privilege escalation (GLSA 200512-13) — Gentoo security (Third Party Advisory)