Vulnerabilities > CVE-2013-4434 - Numeric Errors vulnerability in Dropbear SSH Project Dropbear SSH

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
dropbear-ssh-project
CWE-189
nessus

Summary

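Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to discover valid usernames. The flaw described here is a timing side channel on failed logons; the CWE-189 (Numeric Errors) label attached to this entry does not describe that mechanism, so triage should follow this summary rather than the CWE label.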

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2013-261.NASL
    description: Updated dropbear package fixes security vulnerability : Possible memory exhaustion denial of service due to the size of decompressed payloads in dropbear before 2013.59 (CVE-2013-4421). Inconsistent delays in authorization failures could be used to disclose the existence of valid user accounts in dropbear before 2013.59 (CVE-2013-4434).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 70680
    published: 2013-10-29
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/70680
    title: Mandriva Linux Security Advisory : dropbear (MDVSA-2013:261)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2013:261. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    # Metadata registration. This branch runs only when `description` is true:
    # it records the plugin's identifiers, text and prerequisites, then exits
    # before any of the check logic further down is reached.
    if (description)
    {
      script_id(70680);
      script_version("1.6");
      script_cvs_date("Date: 2019/08/02 13:32:55");
    
      # One plugin covers two separate dropbear flaws fixed in 2013.59 (see the
      # description text below): CVE-2013-4421 is the decompressed-payload memory
      # exhaustion, CVE-2013-4434 is the username disclosure through inconsistent
      # authentication-failure delays.
      script_cve_id("CVE-2013-4421", "CVE-2013-4434");
      script_bugtraq_id(62958, 62993);
      script_xref(name:"MDVSA", value:"2013:261");
    
      script_name(english:"Mandriva Linux Security Advisory : dropbear (MDVSA-2013:261)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Mandriva Linux host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated dropbear package fixes security vulnerability :
    
    Possible memory exhaustion denial of service due to the size of
    decompressed payloads in dropbear before 2013.59 (CVE-2013-4421).
    
    Inconsistent delays in authorization failures could be used to
    disclose the existence of valid user accounts in dropbear before
    2013.59 (CVE-2013-4434)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://advisories.mageia.org/MGASA-2013-0318.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected dropbear package."
      );
      # A single CVSS v2 base vector is set for both CVEs. It scores a partial
      # availability impact (A:P) and no confidentiality impact (C:N), so it
      # expresses the denial of service but not the username disclosure of
      # CVE-2013-4434; a finding from this plugin should be read with both
      # issues in mind.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      # Temporal metrics: exploitability unproven (E:U), official fix available
      # (RL:OF), report confirmed (RC:C).
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local" plugin: the verdict comes from package data collected on the
      # host (see the rpm-list key required below), not from probing the SSH
      # service over the network.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:dropbear");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/10/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/29");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Mandriva Local Security Checks");
    
      # NOTE(review): ssh_get_info.nasl presumably populates the Host/* knowledge
      # base entries listed next -- confirm against that plugin.
      script_dependencies("ssh_get_info.nasl");
      # Knowledge-base entries the check logic reads after this block.
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      # Stop here: nothing below this block runs during registration.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
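    # Preconditions for the local package check. Each guard hands a reason code
    # to audit() (audit.inc) when the host cannot be assessed; the statements
    # that follow rely on audit() not returning.
    # Fix: the OS-mismatch message used to read "Mandake Linux"; it now matches
    # the "Mandriva / Mandrake Linux" spelling used by the architecture guard.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Architecture gate: a missing value and an unsupported value are reported
    # separately so the audit trail shows why no verdict was produced.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);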
    
    
    # Package verdict. The installed dropbear rpm is compared with the fixed
    # build named in the advisory; a truthy rpm_check() result is counted as a
    # missing update. Only an x86_64 reference for release MDK-MBS1 is tested.
    # The result reflects the installed package version only; it does not
    # exercise the running SSH service.
    flag = 0;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"dropbear-2013.59-1.mbs1"))
    {
      flag++;
    }
    
    if (!flag)
    {
      # Nothing flagged: record the host as not affected.
      audit(AUDIT_HOST_NOT, "affected");
    }
    else
    {
      # Report at warning severity; the rpm comparison details are attached
      # only when report verbosity is above zero.
      if (report_verbosity > 0)
      {
        security_warning(port:0, extra:rpm_report_get());
      }
      else
      {
        security_warning(0);
      }
      exit(0);
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2013-839.NASL
    description: dropbear was updated to version 2013.60 to fix following bugs : - Fix
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 75194
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/75194
    title: openSUSE Security Update : dropbear (openSUSE-SU-2013:1696-1)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2013-839.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    # Metadata registration. This branch runs only when `description` is true:
    # it records the plugin's identifiers, text and prerequisites, then exits
    # before any of the check logic further down is reached.
    if (description)
    {
      script_id(75194);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      # Both dropbear CVEs are tracked by this one plugin.
      script_cve_id("CVE-2013-4421", "CVE-2013-4434");
    
      script_name(english:"openSUSE Security Update : dropbear (openSUSE-SU-2013:1696-1)");
      script_summary(english:"Check for the openSUSE-2013-839 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      # The description is the package changelog for 2013.60, which also lists
      # the 2013.59 changes. Most entries are build and packaging fixes; the two
      # security-relevant ones are "Limit the size of decompressed payloads"
      # and "Avoid disclosing existence of valid users through inconsistent
      # delays", which the changelog ties to CVE-2013-4421 and CVE-2013-4434.
      script_set_attribute(
        attribute:"description", 
        value:
    "dropbear was updated to version 2013.60 to fix following bugs :
    
      - Fix 'make install' so that it doesn't always install to
        /bin and /sbin
    
      - Fix 'make install MULTI=1', installing manpages failed
    
      - Fix 'make install' when scp is included since it has no
        manpage
    
      - Make --disable-bundled-libtom work
    
      - used as bug fix release for bnc#845306 - VUL-0:
        CVE-2013-4421 and CVE-2013-4434
    
      - provided links for download sources
    
      - employed gpg-offline - verify sources 
    
      - imported upstream version 2013.59
    
      - Fix crash from -J command Thanks to Lluís
        Batlle i Rossell and Arnaud Mouiche for patches
    
      - Avoid reading too much from /proc/net/rt_cache since
        that causes system slowness. 
    
      - Improve EOF handling for half-closed connections Thanks
        to Catalin Patulea
    
      - Send a banner message to report PAM error messages
        intended for the user Patch from Martin Donnelly
    
      - Limit the size of decompressed payloads, avoids memory
        exhaustion denial of service Thanks to Logan Lamb for
        reporting and investigating it
    
      - Avoid disclosing existence of valid users through
        inconsistent delays Thanks to Logan Lamb for reporting
    
      - Update config.guess and config.sub for newer
        architectures
    
      - Avoid segfault in server for locked accounts
    
      - 'make install' now installs manpages dropbearkey.8 has
        been renamed to dropbearkey.1 manpage added for
        dropbearconvert
    
      - Get rid of one second delay when running non-interactive
        commands"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=845306"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2013-11/msg00046.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected dropbear packages."
      );
      # A single CVSS v2 base vector is set for both CVEs. It scores a partial
      # availability impact (A:P) and no confidentiality impact (C:N), so it
      # expresses the denial of service but not the username disclosure of
      # CVE-2013-4434.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      # "local" plugin: the verdict comes from package data collected on the
      # host (see the rpm-list key required below), not from probing the SSH
      # service over the network.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dropbear");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dropbear-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dropbear-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
    
      # The plugin was published roughly seven months after the patch; the
      # patch date is the one that matters for exposure windows.
      script_set_attribute(attribute:"patch_publication_date", value:"2013/11/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      # NOTE(review): ssh_get_info.nasl presumably populates the Host/* knowledge
      # base entries listed next -- confirm against that plugin.
      script_dependencies("ssh_get_info.nasl");
      # Knowledge-base entries the check logic reads after this block.
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      # Stop here: nothing below this block runs during registration.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Preconditions for the local package check. Each guard hands a reason code
    # to audit() (audit.inc) when the host cannot be assessed; the statements
    # that follow rely on audit() not returning.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }
    
    # Release gate: SLED/SLES hosts are rejected as "not openSUSE", and any
    # openSUSE release other than 13.1 is rejected with the release named.
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)")
    {
      audit(AUDIT_OS_NOT, "openSUSE");
    }
    if (release !~ "^(SUSE13\.1)$")
    {
      audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1", release);
    }
    
    # Without a package list there is nothing to compare against.
    if (!get_kb_item("Host/SuSE/rpm-list"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }
    
    # Architecture gate: a missing value and an unsupported value are reported
    # separately so the audit trail shows why no verdict was produced.
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch)
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if (ourarch !~ "^(i586|i686|x86_64)$")
    {
      audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    }
    
    # Package verdict. Each installed dropbear package is compared with the
    # fixed build named in the update; a truthy rpm_check() result is counted as
    # a missing update. All three references are always checked, in the original
    # order, so that every tested package is recorded for the report and for
    # pkg_tests_get(). The result reflects installed package versions only; it
    # does not exercise the running SSH service.
    flag = 0;
    
    fixed_refs = make_list(
      "dropbear-2013.60-2.4.1",
      "dropbear-debuginfo-2013.60-2.4.1",
      "dropbear-debugsource-2013.60-2.4.1"
    );
    foreach fixed_ref (fixed_refs)
    {
      if (rpm_check(release:"SUSE13.1", reference:fixed_ref)) flag++;
    }
    
    if (!flag)
    {
      # Nothing flagged: distinguish "installed and already fixed" from
      # "none of the packages is installed".
      tested = pkg_tests_get();
      if (tested)
      {
        audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      }
      else
      {
        audit(AUDIT_PACKAGE_NOT_INSTALLED, "dropbear / dropbear-debuginfo / dropbear-debugsource");
      }
    }
    else
    {
      # Report at warning severity; the rpm comparison details are attached
      # only when report verbosity is above zero.
      if (report_verbosity > 0)
      {
        security_warning(port:0, extra:rpm_report_get());
      }
      else
      {
        security_warning(0);
      }
      exit(0);
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2013-811.NASL
    description: dropbear was updated to version 2013.60 to fix following bugs : - Fix
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 75182
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/75182
    title: openSUSE Security Update : dropbear (openSUSE-SU-2013:1616-1)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_8C9B48D1371511E3A62400262D8B701D.NASL
    description: The Dropbear project reports : A weakness and a vulnerability have been reported in Dropbear SSH Server, which can be exploited by malicious people to disclose certain sensitive information and cause a DoS.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 70484
    published: 2013-10-18
    reporter: This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/70484
    title: FreeBSD : dropbear -- exposure of sensitive information, DoS (8c9b48d1-3715-11e3-a624-00262d8b701d)
  • NASL family: Misc.
    NASL id: DROPBEAR_SSH_59.NASL
    description: According to its self-reported banner, the version of Dropbear SSH running on this port is earlier than 2013.59. As such, it is potentially affected by multiple vulnerabilities : - A denial of service vulnerability caused by the way the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 70545
    published: 2013-10-22
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/70545
    title: Dropbear SSH Server < 2013.59 Multiple Vulnerabilities