Dropbear SSH Server < 0.48.0 DoS
Medium Nessus Network Monitor Plugin ID 3466
Synopsis
The remote SSH server is susceptible to denial of service attacks.
Description
The remote host is running Dropbear, a small, open-source SSH server. The version of Dropbear installed on the remote host is prior to 0.48.0 and, by default, has a limit of 30 connections in the authorization-pending state; subsequent connections are closed immediately. An unauthenticated attacker can saturate the service with multiple connections pending authorization, thereby denying service to legitimate users.
Solution
Upgrade to version 0.48.0 or higher.