[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Another "user enumeration" in Dropbear
From:       sjw () gmx ! ch
Date:       2018-08-27 19:10:55
Message-ID: b703ec3c-504b-3273-6b4d-3526d07aa4c9 () gmx ! ch
[Download RAW message or body]

[Attachment #2 (multipart/mixed)]


Hi

Due the high interests in CVE-2018-15473 ("user enumeration" in
OpenSSH), people may also notice CVE-2018-15599 [1] in Dropbear (popular
on IoT/initramfs).
The issue seems to be very similar. A patch [2] is already available,
but no new releases so far.

Best regards

[1] http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2018q3/002108.html
[2] https://secure.ucc.asn.au/hg/dropbear/rev/5d2d1021ca00


["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]