Summary
This host is installed with Dropbear SSH and is prone to multiple vulnerabilities.
Impact
The flaws allow remote attackers to cause a denial of service (connection slot exhaustion) and local attackers to execute arbitrary commands.
Solution
Updates are available.
Insight
The flaws are due to:
- A large number of connection attempts that exceeds the MAX_UNAUTH_CLIENTS defined value of 30 is possible.
- The shipped scp command of OpenSSH 4.2p1 expands filenames that contain shell metacharacters or spaces twice.
Affected
Versions prior to Dropbear SSH 0.48 are vulnerable.
Detection
Check the version.
References
Severity
Classification
- CVE: CVE-2006-0225, CVE-2006-1206
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P