Dropbear SSH Memory Corruption Denial of Service and User Enumeration Weakness
PVS ID: 8026 FAMILY: SSH RISK: MEDIUM NESSUS ID: Not Available
Description: Synopsis:

The remote host is running an SSH server that is vulnerable to multiple issues.

Dropbear is an SSH client and server application. The SSH server in versions of Dropbear earlier than 2013.59 is vulnerable to a potential denial of service due to memory exhaustion that can be triggered by overly large compressed payloads. Additionally, a user enumeration weakness exists due to the difference in response times between a login attempt for an existing user and one for a nonexistent user. Attackers could leverage this to enumerate logins on the machine.

For your information, the version of Dropbear SSH detected was: %L

Solution: Update to Dropbear version 2013.59 or later.

CVE-2013-4421


Copyright Tenable Network Security Inc. 2013