Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Dropbear SSH Server < 2012.55 RCE

High

Synopsis

The remote ssh service is affected by a remote code execution (RCE) attack vector.

Description

Dropbear, an SSH server, is installed on the remote host. Versions of Dropbear SSH prior to 2012.55 contain a flaw that might allow an attacker to run arbitrary code on the remote host with root privileges if they are authenticated using a public key and command restriction is enforced.

Solution

Upgrade to Dropbear SSH 2012.55 or later.