Summary
This host is installed with Dropbear SSH Server and is prone to multiple vulnerabilities.
Impact
The flaws allow remote attackers to cause a denial of service or to discover valid usernames.
Solution
Updates are available.
Insight
The flaws are due to the following:
- The buf_decompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service (memory consumption) via a compressed packet that has a large size when it is decompressed.
- Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists.
Affected
Versions prior to Dropbear SSH Server 2013.59 are vulnerable.
Detection
Check the version.
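A version check of this kind can be scripted against the SSH identification string. The sketch below is an added example, not the scanner's own detection code; it assumes the server reports its release in the usual `SSH-2.0-dropbear_<version>` form, and the sample banners are constructed for illustration.

```python
import re

# First fixed release named on this page; anything earlier is affected.
FIXED = (2013, 59)

# Dropbear identification string, e.g. "SSH-2.0-dropbear_2013.58".
# Assumption: the version suffix is present (some builds send only "dropbear").
BANNER_RE = re.compile(r"^SSH-[\d.]+-dropbear(?:_(\d+(?:\.\d+)*))?")


def parse_dropbear_version(banner):
    """Return a version tuple, () for Dropbear without a version, None otherwise."""
    m = BANNER_RE.match(banner.strip())
    if m is None:
        return None
    if m.group(1) is None:
        return ()
    return tuple(int(part) for part in m.group(1).split("."))


def classify(banner):
    """Map an SSH banner to a finding for the two CVEs on this page."""
    version = parse_dropbear_version(banner)
    if version is None:
        return "not-dropbear"
    if version == ():
        return "unknown-version"
    # Tuple comparison also orders the old 0.x releases before 2013.59.
    return "affected" if version < FIXED else "not-affected"


# Constructed sample banners (not captured from real hosts).
SAMPLE_BANNERS = [
    "SSH-2.0-dropbear_2013.58\r\n",
    "SSH-2.0-dropbear_2013.59\r\n",
    "SSH-2.0-dropbear_0.53.1\r\n",
    "SSH-2.0-dropbear\r\n",
    "SSH-2.0-OpenSSH_6.2\r\n",
]

if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(f"{banner.strip():32} {classify(banner)}")
```

A banner match is only an indicator: a distribution package may carry backported fixes without changing the reported version, so confirm against the package changelog before closing or escalating a finding.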
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2013-4421, CVE-2013-4434
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P