Mandriva Linux Security Advisory : dropbear (MDVSA-2013:261)

medium Nessus Plugin ID 70680

Synopsis

The remote Mandriva Linux host is missing a security update.

Description

Updated dropbear package fixes security vulnerabilities:

Possible memory exhaustion denial of service due to the size of decompressed payloads in dropbear before 2013.59 (CVE-2013-4421).

Inconsistent delays in authorization failures could be used to disclose the existence of valid user accounts in dropbear before 2013.59 (CVE-2013-4434).

Solution

Update the affected dropbear package.

See Also

http://advisories.mageia.org/MGASA-2013-0318.html

Plugin Details

Severity: Medium

ID: 70680

File Name: mandriva_MDVSA-2013-261.nasl

Version: 1.7

Type: local

Published: 10/29/2013

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:dropbear, cpe:/o:mandriva:business_server:1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 10/28/2013

Reference Information

CVE: CVE-2013-4421, CVE-2013-4434

BID: 62958, 62993

MDVSA: 2013:261