Dropbear SSH Memory Corruption Denial of Service and User Enumeration Weakness

medium Nessus Network Monitor Plugin ID 8026

Synopsis

The remote host is running an SSH server that is vulnerable to multiple issues.

Description

Dropbear is an SSH client and server application. The SSH server in versions of Dropbear earlier than 2013.59 are vulnerable potential denial of service due to a memory exhaustion that can be triggered by overly large compressed payloads. Additionally, a user enumeration weakness exists, due to the different response times generated between the login of an existing user versus a nonexistent user. Attackers could leverage this to enumerate logins on the machine.

Solution

Update to Dropbear version 2013.59 or later.

See Also

http://seclists.org/oss-sec/2013/q4/75

https://matt.ucc.asn.au/dropbear/CHANGES

http://seclists.org/oss-sec/2013/q4/63

https://secure.ucc.asn.au/hg/dropbear/rev/a625f9e135a4

Plugin Details

Severity: Medium

ID: 8026

Family: SSH

Published: 10/11/2013

Updated: 3/6/2019

Nessus ID: 70545

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 5.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:matt_johnston:dropbear_ssh_server

Patch Publication Date: 10/4/2013

Vulnerability Publication Date: 10/4/2013

Reference Information

CVE: CVE-2013-4421

BID: 62993, 62958