Dropbear SSH Server < 2016.72 xauth Command Injection

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote SSH service is affected by a command injection
vulnerability.

Description :

According to its self-reported version in the banner, the version of
Dropbear SSH running on the remote host is prior to 2016.72. It is,
therefore, affected by a command injection vulnerability when X11
Forwarding is enabled, due to improper sanitization of X11
authentication credentials. An authenticated, remote attacker can
exploit this to execute arbitrary xauth commands on the remote host.

Note that X11 Forwarding is not enabled by default.
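
The banner-based version test described above can be reproduced offline as follows. This is an added example, not the plugin's own code; the function names and the sample banners are constructed for illustration, and the handling of banners that carry no parsable version is an assumption.

```python
import re

FIXED = (2016, 72)  # first fixed release, per the Solution section

# SSH identification string: SSH-<protoversion>-<softwareversion> [comments]
_IDENT = re.compile(r"SSH-[\d.]+-dropbear(?:_(\S+))?", re.IGNORECASE)
_NUMERIC = re.compile(r"\d+(?:\.\d+)*")

def dropbear_version(banner):
    """Tuple of ints for a Dropbear banner, () if the version is absent
    or not purely numeric, None if the banner is not Dropbear at all."""
    m = _IDENT.match(banner.strip())
    if m is None:
        return None
    raw = m.group(1) or ""
    if not _NUMERIC.fullmatch(raw):
        return ()  # assumption: treat stripped or custom versions as unknown
    return tuple(int(part) for part in raw.split("."))

def classify(banner):
    """Map a banner to a finding based on the self-reported version only."""
    ver = dropbear_version(banner)
    if ver is None:
        return "not-dropbear"
    if ver == ():
        return "unknown-version"
    # Tuple comparison also orders the old 0.x releases before 2016.72.
    return "affected-by-version" if ver < FIXED else "fixed"

# Constructed sample banners, as they would be read from TCP port 22.
SAMPLES = [
    "SSH-2.0-dropbear_2016.71\r\n",
    "SSH-2.0-dropbear_2016.72\r\n",
    "SSH-2.0-dropbear_0.52\r\n",
    "SSH-2.0-dropbear\r\n",
    "SSH-2.0-OpenSSH_7.2p2 Ubuntu-4\r\n",
]

def triage(banners):
    """Return {banner: finding} for a list of collected banners."""
    return {b.strip(): classify(b) for b in banners}

if __name__ == "__main__":
    for banner, finding in triage(SAMPLES).items():
        print(f"{finding:20} {banner}")
```

An "affected-by-version" result only reflects the banner: it does not show whether X11 Forwarding is enabled on the host, so confirm that setting before prioritising the finding.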

See also :

https://matt.ucc.asn.au/dropbear/CHANGES
http://seclists.org/fulldisclosure/2016/Mar/47
http://www.nessus.org/u?c1e20657

Solution :

Upgrade to Dropbear SSH version 2016.72 or later.

Risk factor :

Medium / CVSS Base Score : 6.0
(CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 90027

Bugtraq ID:

CVE ID: CVE-2016-3116
