Detections
Analytics

Dropbear SSH Server DSS Verification Failure Remote Privilege Escalation

high Nessus Plugin ID 14234

Language:

Synopsis

Arbitrary code may be run on the remote host.

Description

The remote host is running Dropbear prior to version 0.43. There is a flaw in this version of Dropbear that could enable a remote attacker to gain control of the system from a remote location.

Solution

Upgrade to at least version 0.43 of Dropbear.

See Also

http://matt.ucc.asn.au/dropbear/CHANGES

Plugin Details

Severity: High

ID: 14234

File Name: dropbear_ssh.nasl

Version: 1.21

Type: remote

Published: 8/9/2004

Updated: 7/10/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:matt_johnston:dropbear_ssh_server

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 7/16/2004

Reference Information

CVE: CVE-2004-2486

BID: 10803