OSVDB ID: 8137

Title: Dropbear SSH Server DSS Verification Failure Remote Privilege Escalation

Info

Disclosure

Jul 16, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Dropbear contains a flaw related to uninitialised variables in the DSS (Digital Signature Standard) verification code. No further details have been provided.

Classification

Location: Remote / Network Access, Location Unknown
Attack Type: Attack Type Unknown
Impact: Impact Unknown
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

Upgrade to version 0.43 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Vortech Consulting, LLC

Coyote Linux

2.10

Matt Johnston

Dropbear

0.42

References

Bugtraq ID: 10803
Secunia Advisory ID: 12153
ISS X-Force ID: 16810
CVE ID: 2004-2486 (see also: NVD)
Related OSVDB ID: 8137
Vendor Specific Advisory URL: http://matt.ucc.asn.au/dropbear/CHANGES
http://www.cisco.com/warp/public/707/cisco-sa-20080213-phone.shtml
Vendor Specific News/Changelog Entry: http://matt.ucc.asn.au/dropbear/CHANGES
Vendor URL: http://matt.ucc.asn.au/dropbear/dropbear.html
http://www.coyotelinux.com/
Other Advisory URL: http://matt.ucc.asn.au/dropbear/dropbear.html

Credit

Arne Bernin -

Direct URL: http://osvdb.org/8137