Dropbear SSH Authorization-pending Connection Saturation DoS
Medium Nessus Plugin ID 21023
Synopsis: The remote SSH server is susceptible to denial of service attacks.
Description: The remote host is running Dropbear, a small, open source SSH server.
The version of Dropbear installed on the remote host, by default, has a limit of 30 connections in the authorization-pending state; subsequent connections are closed immediately. This issue can be exploited trivially by an unauthenticated attacker to deny service to legitimate users.
Solution: Upgrade to Dropbear 0.48 or later.
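
A defender-side check against the fix version stated above, as an added example that is not part of the original plugin: it parses an SSH identification string and flags Dropbear builds older than 0.48. The function names and sample banners are constructed for illustration, and the code assumes the server reports its version in the `SSH-2.0-dropbear_<version>` banner form.

```python
import re

FIXED = (0, 48)  # fix version taken from the Solution line above

# Assumed banner shape: "SSH-<proto>-dropbear_<version>[ comments]"
_BANNER = re.compile(r"^SSH-[\d.]+-dropbear(?:_(\d+(?:\.\d+)*))?", re.IGNORECASE)


def dropbear_version(banner):
    """Return the version as a tuple of ints, () if Dropbear omits it,
    or None if the banner does not identify Dropbear."""
    m = _BANNER.match(banner.strip())
    if m is None:
        return None
    if m.group(1) is None:
        return ()
    return tuple(int(part) for part in m.group(1).split("."))


def assess(banner):
    """Classify a banner as not-dropbear, unknown, vulnerable or fixed."""
    version = dropbear_version(banner)
    if version is None:
        return "not-dropbear"
    if version == ():
        return "unknown"  # version hidden: needs manual verification
    # Tuple comparison also handles later year-based releases (e.g. 2019.78).
    return "vulnerable" if version < FIXED else "fixed"


# Constructed sample banners, as collected during an inventory sweep.
SAMPLES = [
    "SSH-2.0-dropbear_0.47\r\n",
    "SSH-2.0-dropbear_0.48",
    "SSH-2.0-dropbear_2019.78",
    "SSH-2.0-dropbear",
    "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3",
]

if __name__ == "__main__":
    for banner in SAMPLES:
        print(f"{banner.strip():35} {assess(banner)}")
```

A banner-only result is an inventory hint: distributions that backport fixes may leave the reported version unchanged, so confirm against the installed package.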