Dropbear SSH Server Username Remote Format String

This script is Copyright (C) 2003-2011 Tenable Network Security, Inc.


Synopsis :

It is possible to execute arbitrary code on the remote host.

Description :

The remote host is running Dropbear SSH.

There is a format string vulnerability in all versions of the Dropbear SSH
server up to and including version 0.34. An attacker may use this flaw to
execute arbitrary code on the remote host.

Solution :

Upgrade to the latest version of the Dropbear SSH server.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 11821

Bugtraq ID: 8439

CVE ID: