Dropbear SSH Server Username Remote Format String

Critical Nessus Plugin ID 11821


It is possible to execute arbitrary code on the remote host.


The remote host is running Dropbear SSH.

There is a format string vulnerability in all versions of the Dropbear SSH server up to and including version 0.34. An attacker may use this flaw to execute arbitrary code on the remote host.


Upgrade to the latest version of the Dropbear SSH server.

Plugin Details

Severity: Critical

ID: 11821

File Name: ssh_dropbear.nasl

Version: $Revision: 1.14 $

Type: remote

Family: Misc.

Published: 2003/08/20

Modified: 2011/03/16

Dependencies: 10267

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2003/08/18

Reference Information

BID: 8439

OSVDB: 2429