* Rodrigo Barbosa: > On Mon, Dec 19, 2005 at 06:54:40AM +0100, Martin Schulze wrote: >> A buffer overflow has been discovered in dropbear, a lightweight SSH2 >> server and client, that may allow authenticated users to execute >> arbitrary code as the server user (usually root). > > Does anyone can provide pointers to this issue ? Maybe a paper ?
Look up CVE-2005-4178 in NVD, and you'll find a reference to Matt Johnston's announcement: <http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2005q4/000312.html> _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
