Dropbear SSH Server < 0.48.0 DoS

Medium Nessus Network Monitor Plugin ID 3466

Synopsis

The remote SSH server is susceptible to denial of service attacks.

Description

The remote host is running Dropbear, a small, open-source SSH server. The version of Dropbear installed on the remote host is prior to 0.48.0, and by default, has a limit of 30 connections in the authorization-pending state; subsequent connections are closed immediately. An unauthenticated attacker can saturate the service with multiple connections pending authorization, thereby denying service to legitimate users.

Solution

Upgrade to version 0.48.0 or higher.

See Also

http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/042849.html

http://www.securityfocus.com/archive/1/426999/30/0/threaded

Plugin Details

Severity: Medium

ID: 3466

Family: SSH

Published: 2006/03/08

Modified: 2018/04/19

Dependencies: 700029, 3059

Nessus ID: 21023

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

CVSSv3

Base Score: 5.3

Temporal Score: 4.9

Vector: CVSS3#AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS3#E:F/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:matt_johnston:dropbear_ssh_server

Reference Information

CVE: CVE-2006-1206

BID: 17024