Dropbear SSH Server DSS Verification Failure Remote Privilege Escalation

High Nessus Plugin ID 14234


Arbitrary code may be run on the remote host.


The remote host is running Dropbear prior to version 0.43. There is a flaw in this version of Dropbear that could enable a remote attacker to gain control of the system from a remote location.


Upgrade to at least version 0.43 of Dropbear.

See Also


Plugin Details

Severity: High

ID: 14234

File Name: dropbear_ssh.nasl

Version: $Revision: 1.20 $

Type: remote

Published: 2004/08/09

Modified: 2016/10/17

Dependencies: 10267

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:ND/RC:C

Vulnerability Information

CPE: cpe:/a:matt_johnston:dropbear_ssh_server

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2004/07/16

Reference Information

CVE: CVE-2004-2486

BID: 10803

OSVDB: 8137