vulnerability

FreeBSD: VID-60931f98-55a7-11e7-8514-589cfc0654e1 (CVE-2017-9078): Dropbear -- two vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:S/C:C/I:C/A:C)	Jul 3, 2017	Jul 4, 2017	Dec 10, 2025

Severity

CVSS

(AV:N/AC:M/Au:S/C:C/I:C/A:C)

Published

Jul 3, 2017

Added

Jul 4, 2017

Modified

Dec 10, 2025

Description

Matt Johnston reports: Fix double-free in server TCP listener cleanup A double-free in the server could be triggered by an authenticated user if dropbear is running with -a (Allow connections to forwarded ports from any host) This could potentially allow arbitrary code execution as root by an authenticated user. Fix information disclosure with ~/.ssh/authorized_keys symlink. Dropbear parsed authorized_keys as root, even if it were a symlink. The fix is to switch to user permissions when opening authorized_keys.

Solution

freebsd-upgrade-package-dropbear

References

CVE-2017-9078
https://attackerkb.com/topics/CVE-2017-9078
CWE-415

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today