[SECURITY] [DLA 3187-1] dropbear security update

2022-11-1322:04:45

lists.debian.org

dropbear

ssh

debian

security

vulnerability

authentication

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

40.1%

JSON

Debian LTS Advisory DLA-3187-1 [email protected]
https://www.debian.org/lts/security/ Utkarsh Gupta
November 14, 2022 https://wiki.debian.org/LTS

Package : dropbear
Version : 2018.76-5+deb10u2
CVE ID : CVE-2021-36369

An issue was discovered in Dropbear, a relatively small SSH server and
client. Due to a non-RFC-compliant check of the available authentication
methods in the client-side SSH code, it was possible for an SSH server
to change the login process in its favor. This attack can bypass
additional security measures such as FIDO2 tokens or SSH-Askpass. Thus,
it allows an attacker to abuse a forwarded agent for logging on to
another server unnoticed.

For Debian 10 buster, this problem has been fixed in version
2018.76-5+deb10u2.

We recommend that you upgrade your dropbear packages.

For the detailed security status of dropbear please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/dropbear

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian11amd64dropbear-bin-dbgsym< 2020.81-3+deb11u1dropbear-bin-dbgsym_2020.81-3+deb11u1_amd64.deb
Debian11mipseldropbear-bin< 2020.81-3+deb11u1dropbear-bin_2020.81-3+deb11u1_mipsel.deb
Debian11alldropbear-initramfs< 2020.81-3+deb11u1dropbear-initramfs_2020.81-3+deb11u1_all.deb
Debian11s390xdropbear-bin-dbgsym< 2020.81-3+deb11u1dropbear-bin-dbgsym_2020.81-3+deb11u1_s390x.deb
Debian10i386dropbear-bin< 2018.76-5+deb10u2dropbear-bin_2018.76-5+deb10u2_i386.deb
Debian10i386dropbear-bin-dbgsym< 2018.76-5+deb10u2dropbear-bin-dbgsym_2018.76-5+deb10u2_i386.deb
Debian11armhfdropbear-bin< 2020.81-3+deb11u1dropbear-bin_2020.81-3+deb11u1_armhf.deb
Debian11s390xdropbear-bin< 2020.81-3+deb11u1dropbear-bin_2020.81-3+deb11u1_s390x.deb
Debian11ppc64eldropbear-bin< 2020.81-3+deb11u1dropbear-bin_2020.81-3+deb11u1_ppc64el.deb
Debian10armhfdropbear-bin-dbgsym< 2018.76-5+deb10u2dropbear-bin-dbgsym_2018.76-5+deb10u2_armhf.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	amd64	dropbear-bin-dbgsym	< 2020.81-3+deb11u1	dropbear-bin-dbgsym_2020.81-3+deb11u1_amd64.deb
Debian	11	mipsel	dropbear-bin	< 2020.81-3+deb11u1	dropbear-bin_2020.81-3+deb11u1_mipsel.deb
Debian	11	all	dropbear-initramfs	< 2020.81-3+deb11u1	dropbear-initramfs_2020.81-3+deb11u1_all.deb
Debian	11	s390x	dropbear-bin-dbgsym	< 2020.81-3+deb11u1	dropbear-bin-dbgsym_2020.81-3+deb11u1_s390x.deb
Debian	10	i386	dropbear-bin	< 2018.76-5+deb10u2	dropbear-bin_2018.76-5+deb10u2_i386.deb
Debian	10	i386	dropbear-bin-dbgsym	< 2018.76-5+deb10u2	dropbear-bin-dbgsym_2018.76-5+deb10u2_i386.deb
Debian	11	armhf	dropbear-bin	< 2020.81-3+deb11u1	dropbear-bin_2020.81-3+deb11u1_armhf.deb
Debian	11	s390x	dropbear-bin	< 2020.81-3+deb11u1	dropbear-bin_2020.81-3+deb11u1_s390x.deb
Debian	11	ppc64el	dropbear-bin	< 2020.81-3+deb11u1	dropbear-bin_2020.81-3+deb11u1_ppc64el.deb
Debian	10	armhf	dropbear-bin-dbgsym	< 2018.76-5+deb10u2	dropbear-bin-dbgsym_2018.76-5+deb10u2_armhf.deb