Dropbear SSH < 2016.72.0 Command Injection

medium Nessus Network Monitor Plugin ID 700027

Synopsis

The remote host is running an outdated SSH server that is vulnerable to command injection.

Description

Dropbear is an SSH client and server application. Versions of the Dropbear SSH server prior to 2016.72.0 are potentially vulnerable to a flaw, present when X11Forwarding is enabled, in which the server fails to sanitize X11 authentication credentials. This may allow an authenticated remote attacker to inject arbitrary xauth commands.

Solution

Update to Dropbear version 2016.72.0 or later.

See Also

http://matt.ucc.asn.au/dropbear/CHANGES

https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3116

Plugin Details

Severity: Medium

ID: 700027

Family: SSH

Published: 3/28/2017

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.4

Temporal Score: 5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:matt_johnston:dropbear_ssh_server

Patch Publication Date: 3/9/2016

Vulnerability Publication Date: 3/9/2016

Reference Information

CVE: CVE-2016-3116

BID: 84322