Dropbear 0.47 (and security fix)

Matt Johnston matt at ucc.asn.au
Sun Dec 11 23:30:02 WST 2005 

Hi all.

I've put up a new release 0.47 of Dropbear, which has
various fixes and new features - see the change summary
below. 
http://matt.ucc.asn.au/dropbear/dropbear.html is the
url as usual or directly at 
http://matt.ucc.asn.au/dropbear/dropbear-0.47.tar.bz2

This release also fixes a potential security issue, which
may allow authenticated users to run arbitrary code as the
server user. I'm unsure exactly how likely it is to be
exploitable, but anyone who's running a multi-user server is
advised to upgrade. For older releases, the patch is:
(against chanesssion.c for 0.43 and earlier).

--- svr-chansession.c
+++ svr-chansession.c
@@ -810,7 +810,7 @@
 	/* need to increase size */
 	if (i == svr_ses.childpidsize) {
 		svr_ses.childpids = (struct ChildPid*)m_realloc(svr_ses.childpids,
-				sizeof(struct ChildPid) * svr_ses.childpidsize+1);
+				sizeof(struct ChildPid) * (svr_ses.childpidsize+1));
 		svr_ses.childpidsize++;
 	}
 	

Matt


0.47 - Thurs Dec 8 2005

- SECURITY: fix for buffer allocation error in server code, could potentially
  allow authenticated users to gain elevated privileges. All multi-user systems
  running the server should upgrade (or apply the patch available on the
  Dropbear webpage).

- Fix channel handling code so that redirecting to /dev/null doesn't use
  100% CPU.

- Turn on zlib compression for dbclient.

- Set "low delay" TOS bit, can significantly improve interactivity
  over some links.

- Added client keyboard-interactive mode support, allows operation with
  newer OpenSSH servers in default config.

- Log when pubkey auth fails because of bad ~/.ssh/authorized_keys permissions

- Improve logging of assertions

- Added aes-256 cipher and sha1-96 hmac.

- Fix twofish so that it actually works.

- Improve PAM prompt comparison.

- Added -g (dbclient) and -a (dropbear server) options to allow
  connections to listening forwarded ports from remote machines.

- Various other minor fixes

- Compile fixes for glibc 2.1 (ss_family vs __ss_family) and NetBSD
  (netinet/in_systm.h needs to be included).

More information about the Dropbear mailing list