CVE-2004-2486 - Authentication vulnerability in Dropbear SSH Server Digital Signature Standard
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
The DSS verification code in Dropbear SSH Server before 0.43 frees uninitialized variables, which might allow remote attackers to gain access.
Vulnerable Configurations
Nessus
NASL family | Gain a shell remotely |
NASL id | DROPBEAR_SSH.NASL |
description | The remote host is running Dropbear prior to version 0.43. There is a flaw in this version of Dropbear that could enable a remote attacker to gain control of the system from a remote location. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 14234 |
published | 2004-08-09 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/14234 |
title | Dropbear SSH Server DSS Verification Failure Remote Privilege Escalation |
References
- http://matt.ucc.asn.au/dropbear/CHANGES
- http://secunia.com/advisories/12153
- http://secunia.com/advisories/28935
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7a.shtml
- http://www.osvdb.org/8137
- http://www.securityfocus.com/bid/10803
- http://www.vupen.com/english/advisories/2008/0543
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16810
- https://exchange.xforce.ibmcloud.com/vulnerabilities/40490