SSH Dropbear before 0.47

Support section for FREESCO v0.4.x

SSH Dropbear before 0.47

Postby Dutchblack » Mon Nov 21, 2011 6:21 am

Hi ,

I have recieved this message from a mcafee secure report does this aply for us?

According to its banner, the remote host is runnning a version of
Dropbear SSH before 0.47. Such versions contain a buffer allocation
error that may allow an authenticated user to gain elevated
privileges.
User avatar
Dutchblack
Senior Member
 
Posts: 78
Joined: Sat May 04, 2002 7:21 pm
Location: The Netherlands

Re: SSH Dropbear before 0.47

Postby Lightning » Mon Nov 21, 2011 10:38 pm

The buffer overflow issue is patched in FREESCO's version of Dropbear.
The reason that we are still running 0.44 in FREESCO is because of a change that Matt made in the compiling components of Dropbear in 0.45. However I have been on there mailing list since we started using Dropbear and I have manually patched various files anytime there have been any issues found. You will notice that the true version of Dropbear in FREESCO is "Dropbear-0.44-Freesco-p51" which means patched to version 0.51 even though the base version started as 0.44. There is of course LOTS of other changes to Dropbear that have never been in any standard version of Dropbear. But most of those have to do with size and some with specific functionality.
If you are afraid that you might make a mistake. The chances are high that you will never learn anything.
User avatar
Lightning
FREESCO GOD !!
 
Posts: 12080
Joined: Wed Nov 14, 2001 6:50 am
Location: Oregon, USA


Return to FREESCO Support for v0.4.x

Who is online

Users browsing this forum: No registered users and 1 guest

cron