[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] Another "user enumeration" in Dropbear
From: sjw () gmx ! ch
Date: 2018-08-27 19:10:55
Message-ID: b703ec3c-504b-3273-6b4d-3526d07aa4c9 () gmx ! ch
[Download RAW message or body]
[Attachment #2 (multipart/mixed)]
Hi
Due the high interests in CVE-2018-15473 ("user enumeration" in
OpenSSH), people may also notice CVE-2018-15599 [1] in Dropbear (popular
on IoT/initramfs).
The issue seems to be very similar. A patch [2] is already available,
but no new releases so far.
Best regards
[1] http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2018q3/002108.html
[2] https://secure.ucc.asn.au/hg/dropbear/rev/5d2d1021ca00
["signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic